FEATURES

31 Split-Brain DNS 

Split-brain DNS ensures that users on your 
network can access local resources by using the 
public IP address. Follow these steps to put your 
double-duty DNS to work. 

BY MICHAEL DRAGONE 



35 Managing AD User Accounts 
with PowerShell 

Although PowerShell doesn't include cmdlets 
for managing Active Directory, AD cmdlets are 
available—and they're free. You can use them to 
automate many of the tasks you need to perform 
to keep user accounts up-to-date. 

BY DMITRY SOTNIKOV 


INTERACT

19 Reader to Reader

Modify the boot.ini file to get into Directory
Services Restore Mode on a remote DC,
and edit the system.ini file to fix a mouse
integration bug.


21 Ask the Experts

Find out how DPM protects your data, get tips
for using Control Panel's search component,
learn how to set machine logon restrictions
for a group, and more.


Access articles online at www.windowsitpro.com.
Enter the article ID (located at the end of each
article) in the InstantDoc ID text box on the
home page.


SOLUTIONS PLUS

40 Move Apps from UNIX to
Windows with SUA

Take advantage of Microsoft's new Subsystem
for UNIX-based Applications (SUA) with Windows
Vista and Windows Server 2008 for an intriguing
alternative to UNIX systems.

BY JOHN HOWIE


44 Secure Active Directory with 
XML-Based Templates 

Microsoft's new .admx template format lets 
you centrally store admin files and reduces the 
amount of data you need to replicate between 
DCs. You can even create custom .admx files to 
suit your needs. 

BY RUSSELL SMITH 


OFFICE & SHAREPOINT PRO 

53 Using SharePoint for 
Extranets 

Learn about extranets and how to set one up 
using the SharePoint platform. 

BY TIM JONES


54 SharePoint Extranets: WSS or MOSS 
FORSTER | IT PRO PERSPECTIVE

Microsoft's SMB Products and 
Services 

As IT spending in the SMB market increases, 
Microsoft focuses its efforts on related software 
and services, such as Windows Essential Business 
Server, Small Business Server, and Microsoft 
Online Services. 


THURROTT | NEED TO KNOW

12 Microsoft Online Services 
and IE 8.0 Security Features 

Learn how you might save by using Microsoft 
Online Services—a set of Microsoft server 
solutions that are offered as subscription services, 
hosted by Microsoft, and sold through the 
company's partners. Plus, Paul explores IE 8.0 
security features. 


MINASI | WINDOWS POWER TOOLS

16 Adjusting Screen 
Resolution on Server Core 

Let's continue our ongoing Server Core 
configuration effort by changing the display 
resolution. Without a GUI, you'll have to use the 
registry. 


OTEY | TOP 10

SQL Server 2008 New 
Features 

The latest version of SQL Server includes new 
features—such as the Resource Governor, 
Policy-Based Management, and transparent 
data encryption—that will improve database 
administration and provide enhanced security 
and scalability. 
PRODUCTS


New & Improved 

Check out the latest products to hit the marketplace. 
PRODUCT SPOTLIGHT: Embotics V-Commander 2.0 


REVIEW 

Paul's Picks 

See how Mozilla Firefox 3.0 rates as an enterprise web browser; 
plus, Windows Server 2008 Hyper-V arrived late, but it's worth a 
look if you're interested in server virtualization. 

BY PAUL THURROTT 


REVIEW 

60 Palm Treo 750 

Palm's Treo 750 smart phone now uses Windows Mobile and 
Microsoft's Direct Push Technology, but admins might want to 
carry a battery charger on long calls. 

BY JASON BOVBERG 


REVIEW 

61 dtSearch 7 Desktop with Spider 

Skeptical of indexing and desktop search solutions? Maybe 
dtSearch 7 Desktop with Spider is the answer you're looking for. 

BY MICHAEL K. CAMPBELL 


IN EVERY ISSUE 



MARKET WATCH 

Instant Messaging Headaches 

The widespread adoption of IM technologies in businesses 
translates to more work for IT pros. Here are the risk factors and 
pain points to watch out for, along with a few good products to 
help with the workload. 

BY JEFF JAMES

64 IM Security Vendors 
66 Maxwell Smart? Your IM Is Ready 


BUYER’S GUIDE 

OS and Application Deployment Tools 

If you're planning to roll out an OS or application suite across 
your organization's network, check out these tools from 
Microsoft and third-party vendors for deployment help. 

BY JEFF JAMES AND SHEILA MOLNAR 


Industry Bytes 

Parallels' virtualization fits the bill for a reader; power
conservation is easier than ever; IT pros' jobs are recession-proof;
and everybody's snooping on their companies' users.





























































































IT PRO PERSPECTIVE 


Forster 

"IT spending in the worldwide SMB 
segment will grow by 7 percent 
annually through 2011." 



Microsoft's SMB Products and Services 


Microsoft responds to a growing market 

IT spending in the worldwide small-to-midsized business
(SMB) segment will grow by 7 percent annually through
2011, according to IDC. Compare that specific segment's figure
with IDC's prediction of an annual growth rate of 5.2 percent
for overall IT spending worldwide in the same period,
and you can see why Microsoft is increasingly focused on
growing its revenue and market share in this fertile field. The company
is approaching this segment with both software, such as the
new Enterprise Business Server family (which includes Windows
Essential Business Server—EBS—and Small Business Server—SBS),
and hosted services such as Microsoft Online Services (MOS—for
details on MOS, see Paul Thurrott's article on page 12). So how do
these offerings fit together for Microsoft, and what does it all mean
if you're in IT in an SMB organization?

SMB and Microsoft Products 

Microsoft Vice President of Worldwide SMB Mike Risse recently 
explained that the SMB segment accounts for "straight up revenue of 
$50 billion for Microsoft overall. This represents about 20 percent of 
the company's revenue. But it's growing the fastest of the segments. 
From a profitability perspective, SMB has all the big core products 
in it—Windows Server, Office, Windows client. We've also got many 
of the smaller products, and we're growing the business rapidly in 
areas such as security, management, PerformancePoint, Unified 
Communications. We have grown the business 50 percent over the 
last three years." 

The SMB pivot on Microsoft's business is interesting. But the 
company is also investing in products specifically targeted at SMBs, 
such as EBS and SBS. And Microsoft is keeping SMB in the spotlight 
as it introduces new offerings such as MOS. 

How does Microsoft's strategy for EBS and SBS dovetail with
its Software Plus Services (S+S) strategy and MOS hosted services?
Risse said EBS and SBS will form the foundation for businesses to
use S+S solutions: "SBS (which is good to 75 employees) and EBS
(which is good to 250) are the hub for service consumption and distribution.
Say you have 50 employees in your organization. Are all 50
employees going to bypass the IT network and infrastructure and go
straight to the cloud? No. They will all go through their AD structure
or file-management structure or network logon and then the Internet
access structure. Their access will be managed, appropriate, and so
forth. To do that you need a modern infrastructure for managing the
employees and what services they get to. SBS and EBS are that modern
plumbing infrastructure. As an example, not only [do SBS
and EBS] have services built in for security, but also the ability
to build an Office Live site locally and propagate it."

SMB and Microsoft 
Partners 

Because the majority of Microsoft's SMB customers rely on partners,
and because partners are so important to Microsoft's success, Risse
emphasized the role partners will play in the S+S world, with EBS in
particular: "It's incredibly beneficial if this box, which services these
employees, can be remotely managed through a browser. We're putting
this functionality into EBS so that a partner now has a services
relationship [with EBS customers]."

How many SMB customers will want this type of service arrangement?
Risse said, "The SMB market will want remote management
because IT is not their core competency as a business. This is the
90 percent case of a 100-person company: They're going to have a
server. It will be the point of control for all IT resources and services
provided to the user community. That server, which could be onsite
or offsite, will be remotely managed by a partner. It will provide
both cloud-based services and services the partner may provide
uniquely. The combination of partner services, cloud services, and
local software will be the typical configuration."

The IT Impact 

If businesses rely increasingly on partners and hosted services, what
happens to IT jobs? In Risse's opinion, the IT jobs simply move from
being inside a company to being on the outside. "This is IT, as well.
The only question is, 'Who are they working for?' This new approach
increases the importance of the IT person as it becomes part of that
trusted advisor relationship rather than an employee relationship.
Frankly, there's generally more power in the trusted advisor relationship
as having a broader perspective and having the ability to not just
fix things but see what can be brought to the organization."

InstantDoc ID 99812 


KAREN FORSTER (karen@windowsitpro.com) is editorial and strategy 
director for Windows IT Pro and SQL Server Magazine and former director 
of Windows Server User Assistance at Microsoft. 


Did You Know?

Microsoft recently released a set of
free wizards to help with Windows
Essential Business Server migration;
to download the tools, go to
www.microsoft.com/downloads/details.aspx?familyid=df8666bb-24a4-471b-9d6b-29d21bd0fc1a.
READER FEEDBACK


Hyper-V vs. VMware | Microsoft responds | Cisco setup


LETTERS@WINDOWSITPRO.COM 


A Reader Responds: Hyper-V vs. 
VMware ESX Server 

After reading Michael Otey's "Virtualization
Shootout, Part 1" (June 2008, InstantDoc ID
98879), I've grown more interested in
Hyper-V. However, I'm still unclear about a
couple things:

1. Cost—When you compared the cost
of VMware ESX Server with that of Hyper-V,
did you include the cost of Microsoft System
Center Virtual Machine Manager (SCVMM)?
As the article mentions, you need SCVMM to
perform quick migrations. I believe a VirtualCenter
for VMware Server license is included
in the VMware Infrastructure 3 (VI3) Foundation
bundle.

2. Migrations/Vmotion—For enterprise 
systems, VMware's Vmotion technology is 
a must-have. Obviously, Microsoft's quick 
migration isn't live. But what exactly does 
"quick migration" mean to an 
administrator or end user? 

3. Drivers—The article mentions
that ESX Server's drivers are in
the hypervisor and that Hyper-V's
drivers are in the guest OS. What
are the repercussions for VM migrations?
In VI3, because the drivers
are in the hypervisor, the guest OS
receives generic drivers that are
"portable" across the infrastructure.
Typically, the only concern with
migrating VMs in VI3 is ensuring
that your CPUs contain the same feature set.
However, even if the CPUs are different and
support different features, the VMs can still
be migrated cold and brought up on the dissimilar
hardware with no problems.

Thank you for your help with these questions.
I look forward to further articles about
Hyper-V in the coming months.

—Brent McCraney 


The cost comparison doesn't include the cost
of SCVMM, which is required for quick migrations.
Likewise, it doesn't include the cost of
VirtualCenter for VMware Server on the ESX
Server side. VirtualCenter is included in the
high-end editions of the VI management platform.
However, it isn't included in the low-end
VI3 Foundation edition, which we used in our
comparison.

VMotion is certainly useful for unplanned
downtimes. But it isn't necessary for most VM
implementations. VMotion permits the movement
of VMs between hosts without shutting
down the VM. You'll experience a delay in
responsiveness while the VM movement takes
place. But when the process is done, the VM is
in the same state that it was prior to the move.
By contrast, Microsoft's Quick Migration saves
the state of a VM before the move, making the
VM temporarily unavailable. Then, the system
moves the VM and restores the state. A
brief interruption of service occurs during
the move. But the process is far quicker
than shutting down and restarting the VM.

The location of the 
drivers in the parent 
partition doesn't affect 
the ability to migrate 
VMs between Hyper-V 
servers. Hyper-V VMs are completely portable, 
just as ESX Server VMs are. 

—Michael Otey 

Editor's Note: The OS-independent VMware ESXi hypervisor is now available for free. Download
a copy at www.vmware.com/download.


Microsoft Responds:
Hyper-V vs. VMware ESX Server

According to the development schedule
specified in "Virtualization Shootout,
Part 2" (July 2008, InstantDoc ID 99248),
Microsoft's Hyper-V was tested using
prereleased beta code. The performance
data in the review may not represent an
apples-to-apples comparison because all
the performance optimization occurs at
the very end of the development cycle.

Microsoft customers and partners
are seeing great cost savings and performance
results within their datacenters.
Most recently, QLogic published a benchmark
for I/O throughput for storage
devices going through Windows Server
2008 Hyper-V. At 180,000 I/Os per second
on a system running Hyper-V, virtual
machine connections are just 10 percent
shy of native performance. This benchmark
demonstrates Hyper-V's ability to
bring the advantages of virtualization
to the most demanding datacenter. For
more information about installing and
testing Hyper-V, please check out the tuning
guide at www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx.

—Microsoft

We're performing another round of tests
with production code and will publish the
results later this year.

—Amy Eisenberg


Setting Up a Cisco Router

I enjoyed Michael Dragone's article, "9 Steps
to Setting Up a Cisco Router" (June 2008,
InstantDoc ID 98740). I have a quick question
about Listing 1's extended access list 101. I
don't think you need the first line: permit udp
any eq bootps any eq bootpc. I think the third
line—permit udp any any—is a superset of
the first line and more than covers for it.

—Dimitrios Kalemis

You're correct. The third line of access list 101
would account for line 1 and, in fact, make
it redundant. Most environments probably
wouldn't need it; I have it in mine only so that
I can receive a public routable IP address from
my ISP. In addition, I have some Deny statements
in my access lists that make it a requirement
to have line 1 present. I apologize for any
confusion the code caused.

—Michael Dragone

InstantDoc ID 99751


www.windowsitpro.com 


We're in IT with You 


Windows IT Pro 


SEPTEMBER 2008 9 



















ONLINE

windowsitpro.com


ITTV—Watch IT. Express IT.

Now there's a new way
to connect with your
IT peers! ITTV, a new
and exciting video website
by Windows IT Pro, makes interacting
with other IT professionals and developers
easier than it's ever been.

Watch in-depth technical videos
for ideas on solving difficult troubleshooting
issues. Share your technical
skills with others by discussing best
practices. Express your views about
what's working—or not—and why.
You can even use it as a sounding
board for new ideas or concepts that
you want to test. On ITTV, your ideas
are always on display. ITTV. Don't just
watch IT—live IT.

www.ittv.net


IT Job Hound—The Leader of the Pack

IT Job Hound is the
best place to find a job
in IT. Whether you're
a developer, IT pro,
designer, or somewhere
in between,
we'll help you sniff out and
secure a job that fits your salary, lifestyle,
and career goals. Brought to
you by the well-connected, passionate
people at Windows IT Pro, IT Job
Hound is committed to helping you
find the job you're dreaming of.
www.itjobhound.com


Deploying SharePoint: Fall Event Series

This fall, Windows IT Pro and Office &
SharePoint Pro.com will present an
8-city event series. SharePoint experts
will discuss best practices regarding
infrastructure, design, forms configurations,
and redundancy, providing
helpful tips on the often overlooked
considerations in setting up your
SharePoint architecture.
www.windowsitpro.com/go/DeploySharePoint


YOUR SAVVY ASSISTANT

Humphries

The missing link to
IT resources

Relieve Your SharePoint 
Pressure Points 

Our eLearning workshops are like acupuncture 
for your IT knowledge 


I'm a big fan of moral values. Kindness,
sharing, and all that jazz have
always been pretty high on my priority
list. So when SharePoint came out,
I didn't need to know what it was; I
was immediately sold. Technology
with the word "share" right there in its name
and built for collaboration sounded pretty
warm and fuzzy to me. Looking through my
rose-colored Savvy glasses, I could make out
endless possibilities for collaboration, teamwork,
and cooperation—maybe even peace
on earth. But now, I can clearly see that for IT
pros, SharePoint has become more of a pressure
cooker than a peacemaker.

In the web-exclusive article "Betting
on SharePoint" (May 2008, InstantDoc ID
99317), Gayle Rodcay quotes Syrinx CEO
Andrew Gelina: "What's happening is that the
business folks are clamoring for SharePoint
and the IT folks are so overworked that often
they're hesitant to take on a new platform.
But with the people who use it, it grows like
a weed. They start to get familiar with the
platform, see its potential, and put pressure
on IT departments to make it do more." Pressuring
overworked IT pros doesn't seem very
collaborative to me. In fact, it sounds a whole
lot like bullying. What's next—CFOs stealing
employees' lunch money?

Well, I'm here to lead by example and
show those corporate meanies what teamwork
is all about. I found some SharePoint
eLearning workshops that can help you
extend your knowledge and meet corporate
expectations.

Join SharePoint MVPs Dan Holme, 
Michael Noel, and Andrew Connell on 
September 30 and October 1 as they walk 


you through in-depth SharePoint how-tos. 
There are three sessions built just for IT 
pros and three more that are specialized for 
developers. Choose the seminar that's right 
for you, or attend both. 

Mastering SharePoint for IT Pros 

Learn how to customize field types, create 
scheduled services, and go further with the 
Content Query Web Part with MVP Andrew 
Connell in three sessions: 

• Creating Custom Field Types and Controls
for SharePoint Sites

• Creating and Debugging Custom Timer 
Jobs in Windows SharePoint Services 

• Leveraging the Content Query Web Part 
to Its Full Potential 

Mastering SharePoint for Developers 

Learn how to build a better SharePoint
infrastructure and enable powerful collaboration
with MVPs Dan Holme and
Michael Noel in three sessions:

• 21st Century File Sharing: Configuring
and Managing Document Libraries

• Building Code-Free SharePoint Applications
and Business Intelligence Lite

• Forms-Based Authentication and Extranet
Deployment Options for SharePoint 2007

For more information about these eLearning
seminars and to determine which is the best
fit for you and your team, go to
www.windowsitpro.com/go/elearning/gotSharePoint.
And for more SharePoint resources, see my
extended blog at InstantDoc ID 99776, and
check out the fall event series listed in this
page's online section.

InstantDoc ID 99776 












Thurrott 

"The future of computing is 
distributed, and Microsoft clearly 
understands that." 


Microsoft Online Services 


As more businesses and educational institutions turn
to cloud computing-based messaging and document-sharing
solutions from Google and other so-called
Web 2.0-type companies, you might think that Microsoft's
traditional software delivery method—by which
it licenses complex server products such as Microsoft
Exchange and Microsoft Office SharePoint Server to customers—
is becoming passé. Apparently, Microsoft believes this: Its latest
initiative, Microsoft Online Services, aims to make some of its most
popular and complex server products available to companies of
all sizes as hosted services. Here's what you need to know about
Microsoft Online Services.

It's All About Software Plus Services 

Microsoft has been promoting the concept of Software Plus Services
(S+S) for a while now, but until recently, that moniker sounded like
more of an excuse than a strategy. But the company might be on to
something. Many argue that the future of computing will be made
up largely of online applications delivered through web browsers
and other non-traditional means, but even if such a scenario is fulfilled,
questions remain: How soon will we get there, and what will
this transition period between traditional software delivery methods
and cloud computing look like?

Microsoft's S+S initiative aims to blend the best of Microsoft's
traditional software development strengths with the cloud computing
paradigm espoused by its competitors. This isn't just about
protecting its traditional products, however: Microsoft is likely correct
in its belief that the transition to cloud-based services will be
time consuming and will likely never completely replace desktop
software solutions. By combining its best-of-breed desktop products
with web services, Microsoft is offering a path to the future that its
customers should be comfortable with.

But what about servers? On the server side, Microsoft's traditional
offerings are well regarded but are complex to deploy and manage.
And in this increasingly cost-sensitive era, many businesses are beginning
to realize that self-hosting infrastructure services such as email,
document sharing, and the like is often too complex and expensive.
Microsoft's solution is to offer its best-selling server solutions as hosted
services aimed at businesses of all sizes. The first round of these services
is now being offered through Microsoft Online Services. (Another
option is also available: Customers can host certain services with
Microsoft partners, as is the case with Exchange Hosted Services.)


What Is Microsoft Online Services? 

Put simply, Microsoft Online Services is a set of Microsoft server
solutions that are offered as subscription services—hosted by Microsoft
and sold through the company's partners. The first-generation
Microsoft Online Services will ship later in 2008 and will consist
of Microsoft Exchange Online, Microsoft Office SharePoint Online,
Microsoft Office Live Meeting, Microsoft Exchange Hosted Filtering,
and Microsoft Office Communications Online, the latter of which
will still be in beta through the end of 2008. (To learn more about
the individual products, see http://www.microsoft.com/online/default.mspx.)
They're backed by service level agreements (SLAs)
guaranteeing 99.9 percent uptime.

David Chow, a Microsoft group product manager, tells me that 
Microsoft Online Services grew out of customer feedback. "Customers 
are concerned that they have to continue investing in technical 
learning and train employees for platform solutions that have nothing 
to do with their key strategic goals," he said. "It's hard for these 
companies to deal with the ups and downs of software life cycles, 
and they'd prefer to move to a more predictable model where security, 
reliability, and availability are all guaranteed, and they don't 
have to worry about hardware, data centers, or other capabilities 
that aren't at the core of what they do." 

Chow says it's a business reality that the industry simply isn't 
going to move to an all-services model anytime soon. And in 
Microsoft's view, there will always be local applications that require 
certain levels of control, security, or customization. But even in 
today's traditional software market, some businesses, such as those 
with branch offices, can take advantage of an S+S solution like 
Microsoft Online Services. And they can combine different types 
of solutions as needed, using on-premise Exchange servers, for 
example, at a main office and Exchange Online-based services at a 
branch office. 

Microsoft Online Services offers the benefits of geo-redundant, 
massively scaled data centers to customers who couldn't afford such 
things on their own. Management is simplified because the server 
software is always kept up to date for customers, who get the latest 
upgrades and versions automatically as long as their subscription 
is current. For end users, the experience is seamless: They can continue 
using, for example, Microsoft Outlook or Outlook Web Access 
(OWA) clients for Exchange as usual, with little or no disruption. 

One of the more intriguing scenarios for Microsoft Online 
Services is the ability it offers customers to mix and match. Larger 
customers, for example, might want to utilize a combination of 
locally managed servers with Microsoft Online Services servers. This 
can be temporary—as would be the case in a migration from older 
Exchange servers to Microsoft Online Services—or permanent, as with 
the branch-office scenario outlined earlier. Part of the value of 
Microsoft Online Services is Microsoft's related tools, which include 
directory synchronization—for syncing local Active Directory (AD) 
with Microsoft Online Services—and content-migration tools, which 
let you move mailboxes and other Exchange data from local servers 
(as far back as Exchange Server 5.5) to Microsoft Online 
Services-based Exchange. 

There are no size limits with Microsoft Online Services, either, 
Chow tells me. The service scales from a five-user license on the 
low end up to the needs of any multinational corporation. Microsoft 
will offer two versions of the service: a standard version with 
shared infrastructure that will scale according to the needs of 
customers and a dedicated version that provides dedicated 
infrastructure. The dedicated version is designed for corporations 
with 5,000 or more users. "We pretty much cover the entire market," 
Chow says. 

What About Partners? 

One of the difficulties in moving to this new model is that it 
appears to cut out Microsoft's traditional partner opportunities. Not 
so, Chow says. Instead of bypassing its partner channel, Microsoft is 
adopting a new partner business model for Microsoft Online Services 
that should provide a wealth of new customers—70 percent of sales 
are expected to be new customers—and an ongoing revenue model for 
partners. 

Here's how it will work: With Microsoft Online Services, Microsoft's 
partners will have to move from low-margin, project-based revenue 
streams to revenue streams based on high-margin services. New 
opportunities will come from SharePoint consulting, online migration, 
and online integration, but the ongoing revenues will come from a 
new service-advisor fee structure. Microsoft's partners will receive 
12 percent commissions on new Microsoft Online Services customer 
sales in the first year and then six percent every year after that. 
This ongoing revenue stream will encourage partners to maintain 
relationships with customers and up-sell them on related products 
and services. 

What Will It Cost? 

Obviously, Microsoft Online Services will need to be cost-effective 
for customers to embrace it, but when you compare its costs to the 
costs of maintaining the individual servers and employing the people 
needed to do so, it becomes clear that Microsoft has at least reached 
a logical starting point. The monthly licensing fee or User 
Subscription License (USL) for the entire Microsoft Online Services 
suite is $15 per user per month, with reduced costs according to 
volume. Customers can also opt to license individual services. 
Exchange Online Standard, for example, is about $10 a month and 
SharePoint Online is $7.25. 

Microsoft is also offering web-only USLs with reduced capabilities. 
These so-called Deskless Worker licenses will cost $3 per month for 
the entire suite and $2 each per month for the Deskless Worker 
versions of Exchange Online or SharePoint Online. One obvious 
limitation: With a Deskless Worker license, the user can access 
Exchange only via OWA, not Outlook. 


When Will This Occur? 

Microsoft will ship the initial version of Microsoft Online Services 
in the second half of 2008. This will include US versions of 
Exchange Online, Office SharePoint Online, Office Live Meeting, 
Microsoft Dynamics CRM Online, and a beta version of Office 
Communications Online. In 2009, Microsoft will provide Microsoft 
Online Services to customers internationally and ship a final version 
of Office Communications Online. The company is also preparing 
to add to the Microsoft Online Services product line, though it's not 
saying what it will add. 

Recommendations 

Although I know some companies will need to host certain servers 
internally for regulatory, legal, or other reasons, I feel that 
externally hosted services are the future of business computing. This 
argument runs right to the heart of the "Does IT Matter?" discussion 
raised by Nicholas G. Carr in his book Does IT Matter? Information 
Technology and the Corrosion of Competitive Advantage (Harvard 
Business School Press, 2004). The move to cloud-based services won't 
diminish our reliance on Microsoft servers or change the need for IT 
pros to be fluent with these products. But it will change how we 
access these technologies. The future of computing is distributed, 
and Microsoft clearly understands that. If you're on the fence about 
self-hosting any of the servers included in Microsoft Online 
Services, or are worried about future upgrades and migrations, you 
should investigate this solution. It signals a sea change in the way 
that enterprise-class server solutions are delivered to companies 
and their employees. 

InstantDoc ID 99752 


READER FASTTRACK 

Cloud computing got your mind reeling? Get back down to earth with 
"Split-Brain DNS" on page 31 and learn how to put your DNS to work. 
Microsoft Internet Explorer 8.0 Security Features 

NEED TO KNOW 

By the time you read this, Microsoft will have released Microsoft 
Internet Explorer (IE) 8.0 Beta 2, the second major external 
prerelease version of its upcoming browser. Beta 2 includes several 
end-user oriented features, in sharp contrast to developer-oriented 
Beta 1. But the big news in this release is that it includes a 
near-final look at the security advances Microsoft is planning 
for this product. Here's what you need to know about IE 8.0 security 
features. 

Securing IE 

Microsoft has been improving IE security for some time now. In the 
Windows XP SP 2 version of IE 6.0, for example, Microsoft added 
a pop-up ad blocker, drive-by download protection, and Manage Add-on 
functionality. In IE 7.0, the company added additional security 
functionality such as Protected Mode in Windows Vista, the Phishing 
filter, ActiveX Opt-In, and international domain name (IDN) spoofing 
protection. In IE 8.0, you can expect to see the following new 
security features: 

Domain highlighting. IE 8.0 highlights the domain name of the 
currently loaded web page. For example, if you've navigated to 
http://www.winsupersite.com/showcase, you will see 
http://www.winsupersite.com/showcase in the browser's Address Bar. 
This is especially important to prevent malicious sites from trying 
to redirect you or fool you into believing you're visiting a 
legitimate site. If the URL for the current web page navigates to an 
IP address instead of a domain name, the Address Bar will turn red. 
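
As an added illustration (not code from the article or from Microsoft), the following JavaScript applies the two cues described above when reviewing URLs from proxy or mail-gateway logs: it picks out the domain a highlighting address bar would emphasise and flags IP-address hosts. It goes slightly beyond the text by also flagging credentials placed before the host and subdomains that read like a complete domain. The function names, warning labels, the short suffix list and the sample URLs are assumptions made for the example.

```javascript
'use strict';

// Assumption: a three-entry stand-in for the Public Suffix List, enough for
// the constructed samples below. Real tooling should load the full list.
const TWO_LABEL_SUFFIXES = new Set(['co.uk', 'com.au', 'co.jp']);
// Heuristic only: labels that make a subdomain read like a complete domain.
const TLD_LOOKALIKES = new Set(['com', 'net', 'org']);

// Describe a URL's host: which part a domain-highlighting address bar would
// emphasise, and which warning cues apply.
function describeUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { input: raw, valid: false, hostKind: 'none', highlight: '', warnings: ['unparseable'] };
  }
  const warnings = [];
  // Text before "@" is credentials, not the site, however domain-like it looks.
  if (url.username || url.password) warnings.push('userinfo-before-host');

  // The URL parser has already canonicalised the host: it is lower-cased, and
  // decimal, hex and octal spellings of an IPv4 address become a dotted quad.
  const host = url.hostname;
  if (host.startsWith('[')) {
    warnings.push('ip-literal-host');
    return { input: raw, valid: true, hostKind: 'ipv6', highlight: host.slice(1, -1), warnings };
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    warnings.push('ip-literal-host');
    return { input: raw, valid: true, hostKind: 'ipv4', highlight: host, warnings };
  }

  const labels = host.split('.').filter(Boolean); // drops a trailing root dot
  const keep = TWO_LABEL_SUFFIXES.has(labels.slice(-2).join('.')) ? 3 : 2;
  const highlight = labels.slice(-keep).join('.');
  const subdomain = labels.slice(0, -keep);
  if (subdomain.some((label) => TLD_LOOKALIKES.has(label))) {
    warnings.push('domain-like-subdomain');
  }
  return { input: raw, valid: true, hostKind: 'domain', highlight, warnings };
}

// Constructed sample URLs. 192.0.2.1 and 2001:db8::1 are documentation
// addresses; 3221225985 and 0xC0000201 are other spellings of 192.0.2.1.
const SAMPLE_URLS = [
  'http://www.winsupersite.com/showcase',
  'http://www.winsupersite.com.example.net/showcase',
  'http://shop.example.co.uk/showcase',
  'http://192.0.2.1/showcase',
  'http://3221225985/showcase',
  'http://0xC0000201/showcase',
  'http://[2001:db8::1]/showcase',
  'http://www.winsupersite.com@192.0.2.1/showcase',
];

// Run the check over a batch of URLs, for example one column of a log export.
function triage(urls) {
  return urls.map(describeUrl);
}

for (const r of triage(SAMPLE_URLS)) {
  console.log(r.hostKind.padEnd(7), r.highlight.padEnd(18),
    (r.warnings.join(',') || '-').padEnd(38), r.input);
}
```
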

SmartScreen Filter. IE's Phishing Filter 
has been renamed as the SmartScreen Filter 
and updated to protect against web sites that 
attempt to deliver various forms of malware. 
Known malicious sites are blocked via a red 
screen, and malicious software downloads 
are blocked as well. (You'll be able to bypass 
these blocks if you want.) Potentially bad 
sites will trigger a pop-up warning. 

ActiveX security features. Microsoft has built on the ActiveX opt-in 
functionality from IE 7.0 in several ways. Now, ActiveX controls are 
installed per user by default and on a per-site basis. (However, 
popular and trusted controls for Adobe Flash Player, Apple QuickTime, 
Windows Media Center, and a few others will work on any site.) A 
feature called ActiveX Killbits helps control makers disable controls 
when exploits are found, by using Windows Update functionality. 

Data execution protection (DEP) support. In the currently shipping 
versions of Windows XP and Vista, IE isn't covered by the DEP security 
feature because of incompatibilities with popular ActiveX controls 
and other add-ons. This changes in IE 8.0, as long as you're running 
XP SP3 or Vista SP1. 


Cross-Site Scripting Filter. Similar to a buffer overflow, cross-site 
scripting occurs as the term suggests—across sites. Microsoft refers 
to it as a reflection attack, where a malicious web site creates a 
URL that includes an embedded script. When a user triggers this URL, 
another trusted web site is loaded into the browser, but the script 
runs, or reflects, on that site. 
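
The reflection described above, shown as an added example (not code from the article, and not IE 8.0's actual filter logic): a page that echoes a URL parameter unchanged, the same page with output encoding, and a simplified check a tester can run to see whether a request parameter containing markup comes back verbatim in the response. The host trusted.example, the function names and the sample request are assumptions made for the example.

```javascript
'use strict';

// Deliberately vulnerable "before" version: the search term from the URL is
// placed into the page unchanged, so markup in the URL becomes markup in the page.
function renderSearchVulnerable(query) {
  return '<html><body><h1>Results for ' + query + '</h1></body></html>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened "after" version: the same page with the term encoded on output.
function renderSearchHardened(query) {
  return '<html><body><h1>Results for ' + escapeHtml(query) + '</h1></body></html>';
}

// Simplified reflection check: report every query parameter whose decoded
// value contains markup-significant characters and appears verbatim in the
// response body. A real filter uses far more detailed heuristics.
function findReflectedParams(requestUrl, responseBody) {
  const reflected = [];
  for (const [name, value] of new URL(requestUrl).searchParams) {
    if (/[<>"']/.test(value) && responseBody.includes(value)) {
      reflected.push(name);
    }
  }
  return reflected;
}

// Constructed sample request: a link whose "q" parameter carries a script
// element (a harmless alert used as a marker) and a benign "page" parameter.
const SAMPLE_REQUEST =
  'http://trusted.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2';

// Render the sample request with both versions and run the check on each.
function compareRenderers(requestUrl) {
  const query = new URL(requestUrl).searchParams.get('q') || '';
  return {
    vulnerable: findReflectedParams(requestUrl, renderSearchVulnerable(query)),
    hardened: findReflectedParams(requestUrl, renderSearchHardened(query)),
  };
}

const result = compareRenderers(SAMPLE_REQUEST);
console.log('reflected by vulnerable page:', result.vulnerable);
console.log('reflected by hardened page:  ', result.hardened);
```
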

Cross-Domain Request and Cross- 
Document Messaging. These two features 
are aimed at web developers who want to 
create mash-ups, blogs, and other types of 
web applications that rely on cross-domain 
requests and content fetching, but in a more 
secure way. Untrusted sites in a page can 
communicate, and different domains can 
exchange documents, yet the user is protected 
from any threats. 

Built for Business 

IE 8.0 is engineered to support a wide range of customization 
options via Group Policy Objects (GPOs). For example, administrators 
can turn off the SmartScreen Filter's Disregard and Continue and 
Unlock download options. If it's customizable in IE, you can enforce 
it via Group Policy. 

Recommendations 

The IE 8.0 value proposition isn't as clear cut as that of IE 7.0. 
Given how insecure IE 7.0's predecessors were, moving to IE 7.0 was 
of obvious value. Still, you should begin evaluating IE 8.0 Beta 2. 
Security is probably the best reason: With its proactive security 
features, IE 8.0 appears poised to protect users against a new 
generation of electronic attacks. And unlike Mozilla's otherwise 
excellent Firefox browser, IE 8.0 is business friendly, using the 
familiar corporate deployment and customization tools that you're 
already familiar with. 

InstantDoc ID 99745 
What benefits do quad-core processors 
offer to an IT admin building a 
virtualized infrastructure or large 
SQL Server installation? 

Fruehe: Virtualization loves two things 
more than all others—processor cores 
and memory. With the new Quad-Core 
AMD Opteron™ processors, customers 
building out a virtualized infrastructure 
have a larger pool of physical cores per 
socket with which to allocate across virtual 
machines. In addition, the integrated 
memory controller that AMD's Direct 
Connect architecture pioneered gives 
a virtual infrastructure a tremendous 
advantage over legacy front-side bus 
architectures by giving each processor its 
own memory controller and dedicated 
bank of memory. This prevents memory 
bottlenecks and improves virtualized 
performance and efficiency. 


What benefits can small-to-midsized 
businesses expect from quad-core 
processors? 

Fruehe: Small and mid-sized businesses 
tend to have a unique problem when 
it comes to IT infrastructure—growth. 
When a Fortune 100 company 
experiences massive growth, this could 
be characterized as 10% or more in a year. 
But it is not uncommon for small- and 
medium-sized businesses to double or 
even triple their size in a single year as 
the business really takes off. Because of 
the rapid growth in this segment, Quad-Core 
AMD Opteron processors make 
great sense. The ability of the processor 
to easily scale with the workload means 
that as demands go up, customers have 
the horsepower and scalability for their IT 
systems to keep pace with the demands 
of the business. When small and medium 
businesses are buying servers, the scariest 
part is not whether they are making the 
right choice or whether they can justify the 
expense—it's whether the server can keep 
pace with their needs. Nobody wants to 
buy a server today, only to have to replace 
it in a year when it is outgrown. 

Four-socket servers seem to have become 
a standard for virtualization—can you 
explain why this is the case? 

Fruehe: Four-socket servers have become 
the standard for virtualization because 
of the greater memory expandability that 
you see in these systems. Two-socket 
AMD Opteron processor-based platforms 
generally have 16 DIMM sockets that can 
accommodate 32GB to 64GB of energy-efficient 
DDR-2 memory. However, 
4-socket AMD Opteron processor designs 
regularly support 64GB and 128GB of 
memory; some systems can even scale 
to 256GB. For virtualization this makes 
a very powerful value proposition for the 
customer—more resources to share means 
better performance. Recently, we've seen 
an increase in the 8-socket AMD Opteron 
processor designs. Partners like Tyan and 
SuperMicro have had platforms available 
for quite some time and they continue to 
see demand for these larger platforms as 
virtualization continues to gain steam. In 
addition, HP has just released the ProLiant 
785 and Sun has been shipping the Fire 
X4600 as well—both 8-socket designs. 

With Microsoft® Windows Server® 2008, 
Quad-Core AMD Opteron processors, 
and 8-socket servers from HP, Sun and 
Unisys it seems like x86 computing 
technology is challenging priority high-end 
servers. Can you say why the time is 
right for this to happen? 

Fruehe: This trend began several years 
ago and continues to expand each 
quarter. If you look at the RISC/UNIX 
market you will see that it is generally 
flat. Same for the Itanium market—it 
remains a niche that has never achieved 
critical mass. The driver here is not only 
hardware capabilities. Larger enterprise 
systems are solely purchased from a 
software perspective; the hardware, in 
many cases, is secondary. While the 
feature set of RISC/UNIX platforms has 
been very stable (i.e., unchanged) over 
the past few years, both x86 platforms 
and Windows Server products have 
continued to add performance, scalability 
and, most importantly, RAS features that 
allowed them to "close the gap" with 
these traditional systems. The ability for 
software developers to take advantage 
of the new hardware features like 64-bit 
memory addressing and multi-core 
technology opens up new areas of 
consideration. As Windows Server-based 
platforms continue to grow in capability 
we will probably see this trend continue. 

John Fruehe is the Worldwide Business 
Development Manager for Server/ 
Workstation products at AMD. Focusing 
specifically on distribution channel, reseller 
and system builders, John's team helps 
evangelize the benefits of AMD Opteron 
processors to AMD's key channel partners. 
John Fruehe, 
Worldwide Business 
Development Manager, 
Server/Workstation 
Unit, AMD, talks 
about virtualization, 
SQL Server, and 
quad-core processors 


Does the move to the quad-core 
architecture and virtualized systems 
have unique benefits for SQL Server 
installations? 

Fruehe: Microsoft® SQL Server® derives 
tremendous benefits from Quad-Core 
AMD Opteron processors. Well-threaded 
applications like SQL Server will be able to 
harness the capabilities of the four directly 
connected cores, take advantage of the 
large, exclusive, shared level-3 cache in 
each processor, and exploit the individual 
memory controllers integrated into the 
processor. Because of the large memory 
requirements and higher utilization 
of typical database applications, most 
customers will probably choose to run 
SQL server in a native physical machine 
versus trying to virtualize the application. 
The footprint of database applications 
will probably prevent them from being 
virtualized by most customers. Those 
customers wanting to consolidate will 
more likely run multiple instances of SQL 
Server on a single physical server. 
Minasi 

"When cave-diving into the registry, 
bring your brightest lamp." 


Adjusting Screen Resolution on Server Core 

Lacking a GUI, you'll need to dive into Regedit 


Over the past few months in this column, we've discussed 
how to configure Windows Server 2008's Server Core. 
We've named the server, given it a DNS suffix, assigned 
static IP values, enabled Automatic Updates, added 
server modules, and set up remote administration. This 
month, let's change the display resolution—a simple 
task that becomes quite a challenge without a GUI. 

Ever since Windows 3.0, you've been able to easily adjust your 
computer's screen resolution: Simply right-click the desktop and 
access the personalization settings. However, in a GUI-less realm, 
you'll have to do a bit of registry cave-diving. 

Registry Dive 

Open Regedit—one of the few GUI tools that works on Server 
Core—and navigate to the 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video key. 
Expand the Video key, as 
you see in Figure 1, and you'll see three subkeys whose names are 
GUIDs. When you set up a Windows computer, the system locates 
all relevant video driver/adapter pairs and gives them random 
GUIDs. (Long, random, hexadecimal strings are obviously much 
more straightforward than notations such as "SVGA driver on 
NVIDIA Adapter 1.") Under each GUID-named subkey is a 0000 
subkey. Inside one of those 0000 subkeys are the registry entries 
you're looking for—only one adapter/driver combination is actually 
functioning on your Server Core machine, and modifying any of the 
non-functioning ones won't accomplish anything. 


To find the one that you want, examine the contents of each 0000 
subkey, paying special attention to the Device Description entry. On 
my Server Core machine, the Device Description values are Standard 
VGA Graphics Adapter, RDPDD Chained DD, and VMware SVGA 
II. Because my Server Core system runs under VMware and I've 
installed VMware Tools, the 0000 subkey I'm looking for is the third 
one: VMware SVGA II. Be aware, however, that some drivers might not 
have a Device Description entry; on my Lenovo ThinkPad T61P laptop, 
for example, the registry's 0000 entries include the standard VGA and 
RDPDD entries, as well as a key containing not the Device Description 
entry, but a DriverDesc entry with the value NVIDIA Quadro FX 570M 
(which must be the one I normally use on my desktop). So, as always 
when cave-diving into the registry, bring your brightest lamp! 

After you locate the correct 0000 key, look for two REG_DWORD 
entries inside it: DefaultSettings.XResolution and 
DefaultSettings.YResolution. Changing these values will change your screen's width 
and height, but be sure to enter the values you want! When you 
double-click a REG_DWORD entry to change its value, the registry 
editor's Edit DWORD (32-Bit Value) editing dialog box lets you 
enter either decimal or hexadecimal, but it assumes you're entering 
hex. If you enter 1024, intending to specify a 1024 x 768 resolution, 
the value might show up as 4132 (the decimal value for 1024 hex). 
After rebooting your system, you might get a blank screen or—in 
rare cases—a destroyed monitor. So, before you exit Regedit, take a 
moment to look at the value it thinks you entered! 

Now, log off and log back on to see the new screen resolution. 
Remember, the easy way to log off a Server Core machine is by typing 

shutdown -l 

Yes, that's a lowercase L, not the numeral 1. 

Oops? 

If the change didn't work, you can try a few things. First, double-check 
the Device Description value in the 0000 key that you chose. 
Sometimes, I see more than one 0000 that refers to my video-card 
type. Second, double-check the width and height entries for 
improper hexadecimal values. Finally, remember that you won't see 
the change until you log off and log back on. 

InstantDoc ID 99565 


MARK MINASI (www.minasi.com/gethelp) is a senior contributing editor 
for Windows IT Pro, an MCSE, and the author of 25 books. 
BlackBerry 


Going Mobile 

To compete in today's marketplace, it's not enough to be 
efficient on your home turf. Successful enterprises understand 
that knowledge workers must be able to do their jobs from 
more than one location. Going mobile, which encompasses 
much more than just mobile email access, can improve 
productivity, reduce costs and boost your bottom line. 

According to a recent industry report, "by 2009, 70% of knowledge work will depend on a 
wireless and remote access infrastructure." The mobile era isn't the future: it's right now, and it's 
fundamentally changing the way work is done. The wireless revolution is not just about adapting 
applications so they can be used remotely. It's ultimately about adopting entirely new applications 
that will reshape the way you do business. 

The Mobilization Curve 

Revolutions don't happen overnight, and an organization typically passes through several stages 
along the mobile maturity curve. 

In the beginning, a few early adopters typically request mobile devices to suit their individual 
needs. Eventually the IT department consolidates this activity, usually for reasons of security and 
cost control. At this point, the company standardizes on a wireless platform and makes decisions 
about the handheld devices employees will use. 

The next stage normally involves responding to individual lines of the business. These requests 
generally come from people who perform repetitive tasks in the field (such as sales reps) and 
realize that mobile applications would make them more efficient. 

In the final stage, the wireless environment becomes fully integrated into daily business activities. 
Getting to this level of mobility may involve "thick apps," or versatile applications that can perform 
a wide range of mobile tasks. 




The Whys of Wireless 


Going mobile is an important decision for any business, and 
it's worth taking the time to look at the specific ways mobility 
will pay returns on your investment. What exactly are the goals 
of an increasingly distributed business environment? 

Increased productivity. 

Sharing information across the enterprise and decentralizing decision-making can result in 
fewer repeated tasks, making a business more productive and more profitable. 

Reduced costs. 

Mobile technology can allow employees to perform tasks in less time, and this increased 
efficiency reduces operating costs. 

Better customer service. 

Mobile technology can allow employees to react more quickly to customers' concerns because 
they do not have to return to the office. This can build better relationships with the most 
important people to your enterprise. 

These "whys of wireless" are nothing new. The key is leveraging your wireless platform in a way that 
will enable you to realize these benefits by intelligently mobilizing the right applications, in the 
right way, and getting them into the hands of the right people. 


Getting Started 

A company's first successful attempt at mobilization will 
provide proof that the concept works. It's crucial to involve 
leaders and employees in this decision process: users need 
to embrace the change or it will not succeed. 

Before your enterprise goes mobile, it's important to consider exactly how mobile applications will 
fit into your business activities. Consider these questions as you develop your mobility plan: 

• Is the activity you want to mobilize critical to your business? 

• Do you need real-time access? 

• Where does the real value of mobility come from: increased sales, customer satisfaction or 
something else? 

• Where will employees be when they access the information? Are these locations 
predictable? 

• Will they have cellular or Wi-Fi® access at all times, even during transit? 

• What kinds of tasks will employees need to perform? Are they simply responding to short 
messages, or will they need to perform more complex tasks? 

• Is the user having to find and get to new and different locations? 


When deciding which aspects of your business to mobilize first, identify the "sweet spots" where 
the greatest benefits can be realized. This may include applications where saving time would 
bring major payoffs in customer satisfaction, cost reduction or efficiency. It might also include 
areas where key data resides outside of the enterprise, or is inaccessible to employees in the 
field. A common example is the mobile sales rep who wants to check inventory or review order 
status while visiting a customer. 




Mobility Profiles 


A successful mobility environment is planned in advance and does not simply respond to individual 
requests. One of the most important steps in a mobilization plan is profiling the different categories 
of workers in your enterprise to determine their priorities and the mobile solutions that will meet 
their needs. Here are some examples: 


PROFILE | PRIORITIES | MOBILE SOLUTIONS | LOCATIONS 

Needs selective information | Staying informed of industry and organizational news | Business intelligence and selective push information | Air travel locations, commuting, office and non-office 
Needs selective information | Responding to immediate opportunities or crises | Reliable, systematic communication systems, alerts and notifications | (as above) 
Needs selective information | Reducing administrative burden and delays | Workflow automation | (as above) 

Needs to be highly responsive | Maximum responsiveness and efficient planning to qualify requests while on the move | Automated system for alert/response systems and knowledge systems | Campus, home, travel 
Needs to be highly responsive | Reducing administrative burden and time required to update corporate systems | Workflow automation and access to tracking systems | (as above) 
Needs to be highly responsive | Staying informed of industry and organizational news | Push-type information on relevant topics | (as above) 

Needs organizational knowledge | Making qualified, timely decisions | Access to knowledge systems | Travel, vehicle, home and office, non-office 
Needs organizational knowledge | Reducing administrative burden and time required to update corporate systems; making use of downtime | Workflow automation | (as above) 
Needs organizational knowledge | Staying informed of organizational and product information | Push-type information on relevant topics | (as above) 

Needs to capture and respond | Flexibility and speed in capturing information | Structured forms and mobile input systems | Industrial and retail sites, home and office 
Needs to capture and respond | Keeping clients and partners informed | Access to knowledge systems | (as above) 
Needs to capture and respond | Reducing administrative burden and delays; making use of downtime | Workflow automation | (as above) 

Needs to be alerted and informed | Responding to situations or crises | Reliable, systematic communication, alerts and notifications | Outdoors, public facilities, urban and rural locations 
Needs to be alerted and informed | Access to information for on-site decision-making | Access to organization knowledge system | (as above) 
Needs to be alerted and informed | Reducing administrative burden and delays; making use of downtime | Workflow automation | (as above) 
Needs to be alerted and informed | Getting around quickly and easily to coordinate with team members | GPS and location-based services | (as above) 


In the mobile world, one size fits none: if your business has several of the above profiles, you cannot tailor 
your mobile plan to just one of them. Each worker profile has a unique set of needs in terms of application 
software. Understanding these unique needs is key to successfully implementing your strategy. 


Choosing Applications 

Most people are familiar with using email, web browsers and 
Personal Information Management (PIM) on handheld devices, 
but a successful mobility plan will move well beyond these basics. 

Mobile enterprise applications can be used for an endless array of tasks, including: 

• Field force automation 

• Remote systems administration 

• Sales force automation 

• Third-party corporate databases 

• Telemetry and remote monitoring 

• Supply chain and inventory management 

• Fleet management 

Build vs. Buy 

Once an enterprise determines which applications it wants to take mobile, it will have to make a 
"build or buy" decision. Can the IT department create the necessary mobile application in-house, or 
is it more cost-effective to hire an external developer to build it? Is it possible to use a less expensive 
out-of-the-box solution, or is a custom application required? 

Staying Secure 

Safeguarding the integrity, confidentiality and authenticity of your corporate data is an essential part 
of any mobility plan. If your data can be compromised, you need to re-think your wireless solution and 
strategy. It is imperative that your business choose a wireless solution that is designed to be secure and 
that protects your data through the use of a standards-based encryption scheme, both in transit and at rest. 

The Architecture of Mobility 

What kind of infrastructure will your enterprise need to successfully implement your mobility plan? 
What types of applications and data access will your employees require, and how will individual team 
needs differ? How can you be sure that your corporate data is secure in the wireless environment? 
The answers to these questions are as unique as your organization. Not sure where to begin? 

Access BlackBerry® solution offers designed to get your organization up and running with a 
wireless solution quickly and efficiently. Access current offers at www.blackberry.com/go/offers 

If a more consultative approach is required, Research In Motion (RIM) has a dedicated team of 
professional services consultants who can provide you with their expertise and help you optimally 
deploy wireless technology using the BlackBerry® Enterprise Solution. 





Your people are on 
the move. 

Send your applications 
with them. 



Give your mobile workers a new perspective on mobility 

The BlackBerry® Enterprise Solution keeps your mobile employees in touch with the 
information, customers and colleagues that drive your business. Whether email, calendar 
and PIM, or mobile extensions of your CRM, field service, business intelligence or 
collaboration tools, the BlackBerry Enterprise Solution offers everything you need to 
mobilize your organization. Designed with security and flexibility in mind, the BlackBerry 
Enterprise Solution provides a proven, secure, open architecture for globally extending 
wireless communications and corporate data to mobile users. 



To learn more about how the BlackBerry solution can help mobilize your business with the 
critical applications you need most, visit: blackberry.com/go/mobilizeyourbusiness 


BlackBerry. 


©2008 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, SureType® and related trademarks, names and logos 
are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. 


























BlackBerry, 


The BlackBerry Solution Advantage 

The BlackBerry Enterprise Solution is a comprehensive platform, 
designed to meet your organization's needs to mobilize enterprise 
applications and systems. Discover the possibilities for your 
business. 

The BlackBerry Enterprise Solution supports leading enterprise email platforms, back-end systems 
and applications from a wide range of vendors. You can select the wireless devices that best suit your 
needs, from award-winning BlackBerry® smartphones to BlackBerry-enabled devices. You'll also 
enjoy maximum flexibility: you have the ability to access multiple wireless network technologies, 
devices, messaging servers and enterprise systems using BlackBerry® Enterprise Server. 

Easy to deploy, easy to manage 

With the BlackBerry Enterprise Solution, organizations can benefit from deployment and 
management features that simplify its administration. 

• Role- and group-based administration capabilities - Help reduce security and 
operational risks and administrative overhead by delegating permissions by role and creating 
administrative user groups. 

• Over-the-air wireless IT policy enforcement - Provides a fast, cost-effective method for 
supporting users and managing corporate policies remotely so users don't have to go without 
their devices and IT does not have to have user devices in hand to make changes. 

• Track key device statistics - Easily monitor third party applications loaded, IT policies 
applied, device models, Personal Identification Number (PIN), software versions and serial 
numbers. 

• BlackBerry® Web Desktop Manager - A web-based application that is designed to lower 
the total cost of ownership for the BlackBerry Enterprise Solution by reducing the number 
of BlackBerry software components installed on end-user workstations and allowing 
BlackBerry smartphone users to install software and manage their devices using any 
browser-enabled computer. 

• BlackBerry® Monitoring Service - Helps organizations maintain high availability and 
high performance of their BlackBerry Enterprise Solution infrastructure by providing 
administrators with enhanced monitoring, alerting, troubleshooting and reporting 
capabilities and enabling proactive issue identification and resolution. 
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Lowest TCO of Mobile Enterprise Solutions 

The BlackBerry Enterprise Solution allows organizations to keep their employees connected to the 
information and people that matter, while still benefiting from a low overall Total Cost of Operation (TCO). 

• Lower device costs - BlackBerry smartphones can be purchased at competitive or lower 
costs and with competitive service plan rates when compared with other device offerings. 

• Lower bandwidth - Efficient use of bandwidth and airtime on wireless networks can translate 
into lower costs for organizations. 

• Leverage of existing investments - Standards-based protocols and development tools help 
ensure that practically any enterprise application, infrastructure or system can be wirelessly 
enabled without being rebuilt or replaced. The BlackBerry Enterprise Solution has become 
more than a critical communications tool for the executive, it is an enabler of change across 
the entire workforce. 

Secure 

The BlackBerry Enterprise Solution was created with corporate data security in mind. 

• End-to-end Advanced Encryption Standard (AES) or Triple Data Encryption Standard 
(DES) - Helps ensure the confidentiality and integrity of wirelessly transmitted information 
from behind the firewall to wireless devices in the field. 

• Over-the-air wireless IT policy enforcement and commands - Help define and wirelessly 
enforce security settings on devices, as well as impose device lock-down or wipe data from 
lost or stolen devices. 

• Optional Secure Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy 
(PGP) support - Wirelessly sign and encrypt messages between senders and recipients, 
designed to provide privacy and non-repudiation. 

• Available BlackBerry® Smart Card Reader - Helps create a secure, two-factor authenticated 
environment for granting access to the BlackBerry smartphone and Public Key Infrastructure 
(PKI) applications. 

• Federal Information Processing Standard (FIPS) 140-2 validated encryption technology 
- The BlackBerry Enterprise Solution meets strict U.S. government and military encryption 
standards. 

It's not surprising that the BlackBerry solution is used globally by large enterprise, government and small 
and medium business. It provides the infrastructure, security and features to empower lines of business 
with wireless access to a range of critical business information - email, organizer data and voice, as well 
as business analytics, Customer Relationship Management (CRM) and other business applications. The 
BlackBerry wireless solution is ideal to keep organizations connected and collaborating. 
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BlackBerry 


Get It Right The First Time 

With world-class knowledge of mobile technology and deep 
business experience, the RIM Professional Services group 
can help turn an investment in wireless mobility into a key 
strategic enabler. 

Let the RIM Professional Services group help your organization minimize development time and 
cost while maximizing return on investment for mobile solutions by addressing three key areas: 

• Architecture Services - Help organizations design and build the mobility platform that is 
right for them, optimizing the infrastructure and staff they require as they go forward. 

• Application Services - Help organizations design and implement BlackBerry applications to 
get the most from their mobility platform. 

• Business Services - Help organizations develop and implement a mobility strategy that helps all 
levels of an organization commit to turning mobility into a core business advantage. 

Beyond Email 

As you move beyond email with the deployment of your BlackBerry solution, you want to be sure of 
your ability to respond quickly, easily and effectively to change. The RIM Professional Services team 
can help your organization create: 

• Business process review and mobility best practices 

• Mobile messaging and enterprise applications 

• Application reviews 

• Performance management programs 

• Change management and process evaluation 

• Formal mobility structure 

• Usage policies 

• Coordinated integration 

• Easier, accurate data access 

Using a structured approach, the RIM Professional Services team can help guide you through a 
discovery process that assists in focusing your mobility strategy on the areas that will pack the 
most impact for your business including a review of your messaging and collaboration systems, 
BlackBerry Enterprise Server, application databases and other BlackBerry components. At the same 
time, they employ best practices change management methods to smooth the transition. To learn 
more about RIM Professional Services, visit www.blackberry.com/go/professionalservices 
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Promotional Offers 


Get started with promotional offers designed to make it 
easy to evaluate a BlackBerry solution before you invest. 
Deliver ease-of-use and increased mobility to your users 
with a minimum of effort. 

Learn more at www.blackberry.com/go/offers 

More About Mobility 

You can download an electronic version of this paper by visiting the following link: 

http://www.windowsitpro.com/go/ApplicationMobilization 


If you would like to learn more about how your enterprise can develop mobile policies, download this 
paper's companion piece, "GOING MOBILE: Developing an Effective Corporate Mobile Policy." 
This paper is available at: 

http://www.windowsitpro.com/go/CorporateMobilePolicy 


This material, including all material incorporated by reference herein or made available by hyperlink, is provided or made accessible "AS 
IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation or warranty of any kind by Research In Motion 
Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, 
errors or omissions in this material and shall not be liable for any type of damages related to this material or its use, or performance, or 
non-performance of any software, hardware, service, or any references to third-party sources of information, hardware or software, products 
or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third 
Party Products and Services"). When you subscribe to Third Party Products and Services you accept that: 1. It is your sole responsibility to: 

(a) ensure that your airtime service provider will support all features; (b) identify and acquire all required intellectual property licences prior 
to installation or use and to comply with the terms of such licences; 2. RIM makes no representation, warranty or guarantee and assumes no 
liability whatsoever in relation to Third Party Products or Services. 

Certain features outlined in this document may require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, 
BlackBerry Device Software and/or additional RIM/BlackBerry software. Check with service provider for availability, roaming arrangements, 
service plans and features. 

The limitations and exclusions herein shall apply irrespective of the nature of the cause of action and in no event shall any director, employee, 
agent, distributor, supplier or independent contractor of RIM have any liability related to use of the material. 

© 2008 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, SureType® and related trademarks, names 
and logos are the property of Research In Motion Limited and are registered and/or used as trademarks in the U.S., Canada and countries 
around the world. Wi-Fi® is a trademark of the Wi-Fi Alliance. All other trademarks are the properties of their respective owners. 
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Your business is 
going mobile. 

Are you equipped 
to manage it? 



The BlackBerry® Enterprise Solution puts you in control 

The number of mobile workers is on the rise everywhere. And increased mobility also 
increases the potential for risk as handheld devices with sensitive data can be lost, 
stolen or compromised. With more than 400 published IT policies, the BlackBerry 
Enterprise Solution enables administrators to maintain fine-grained control over their 
wireless deployment-through intuitive, comprehensive IT policy management tools. 


Welcome to the BlackBerry solution advantage. To learn how the BlackBerry solution 
can help mobilize your business visit : www.blackberry.com/go/mobilizeyourbusiness 

BlackBerry. 



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Otey 

"Although there's some additional CPU 
overhead when you use compression, 
the reduced I/O can speed up queries 
and reduce backup times." 



SQL Server 2008 New Features 

Use these features to better manage your SQL Server environment 


SQL Server 2008, Microsoft's data platform of the future, 
includes a host of new features that IT professionals need 
to know about. Some of SQL Server 2008's new features 
enhance its scalability, security, and productivity. Other 
features are designed to improve database administration 
and provide better data accessibility for end users. 
Let's explore ten of my favorite SQL Server 2008 features. 

• New data types—The DATE and TIME data types are two of 
the most overdue new features in SQL Server 2008. You can 
use the DATE and TIME data types to split your date and time 
information into separate and distinct columns in your database. 
SQL Server 2008 also includes a new FILESTREAM data type for 
large object data, as well as new GEOGRAPHY and GEOMETRY 
spatial data types for mapping applications. 

• T-SQL IntelliSense and debugging—Two features that were 
originally supposed to be in SQL Server 2005 but didn't make 
it into that release are support for T-SQL IntelliSense and 
debugging from within Query Editor. SQL Server 2008's IntelliSense 
provides T-SQL syntax checking and database object prompting. 
The integrated debugging feature lets you set breakpoints; single 
step through T-SQL code; and view the Locals, Call Stack, and Quick 
Watch windows. 

• Microsoft Office 2007 integration—SQL Server 2008's 
enhanced integration with Office 2007 lets users create 
database-enabled reports directly from Microsoft Word 2007 or 
Excel 2007. These reports can then be published and shared with 
other users via Microsoft Office SharePoint Server (MOSS) 2007 or 
Windows SharePoint Services. 

• Revamped SQL Server Reporting Services—SQL Server 2008 
Reporting Services (SSRS) provides significantly improved 
report rendering performance. In addition, SSRS's Report 
Designer has been enhanced and Microsoft has provided improved 
charting components. 

• Filtered indexes—SQL Server 2008's filtered index support lets 
you more efficiently index columns containing sparse data. 
The filtered indexes functionality lets SQL Server 2008 indexes 
ignore rows with no data and include only those rows in which there 
are valid data values, which can improve access time for sparsely 
populated indexes by an order of magnitude. 

• Transparent data encryption—Although previous versions of 
SQL Server have offered cell-level encryption, using it required 
special application coding. SQL Server 2008's transparent data 
encryption (TDE) lets you encrypt one or more databases without 
having to make changes to the application code. 

• Database and backup compression—SQL Server 2008 supports 
two levels of lossless data compression: table-level 
and database-level. Although there's some additional CPU 
overhead when you use compression, the reduced I/O can speed 
up queries and reduce backup times. 

• Change data capture—This feature can quickly show a measurable 
ROI for your SQL Server 2008 migrations. Many data 
warehousing and distributed data scenarios require custom 
coding to capture daily changes and send those changes to one or 
more target systems. Change data capture (CDC) can automatically 
capture all database changes, letting you keep your distributed 
systems up-to-date without having to perform custom coding. 

• Policy-Based Management—Policy-Based Management lets 
DBAs create server and database policies that facilitate the 
central management of multiple remote SQL Server systems 
and enforce the use of corporate standards. For example, DBAs 
could create policies that enforce the use of standard database object 
naming conventions across your organization. 

• Resource Governor—Arguably the most important new feature 
in SQL Server from an enterprise standpoint, SQL Server 
2008's Resource Governor lets DBAs control server resource 
utilization for different types of workloads. For example, the Resource 
Governor can prevent poorly constructed user-created queries from 
adversely affecting the overall performance of the server by limiting 
the CPU and memory resources allocated to those queries. 

InstantDoc ID 99691 
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This stellar 3-day conference features strategic and technical 
workshops and unique interactive sessions with Microsoft and top 
technical visionary experts. Equip yourself and your team to align 
important new trends and technologies to achieve your near- and 
long-term objectives. Unravel the mythology and hype, and 
implement a secure and manageable dynamic enterprise. 
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windowsitpro.com 


Be Part of a Windows IT Pro 
Cover Story 

The Reader to Reader (R2R) section is written 
for IT pros by IT pros. That's what makes 
it such a hit among Windows IT Pro readers 
and website visitors. To showcase the 
talent and creativity of these IT pros, we're 
planning to feature the most interesting 
R2R write-ups in a cover story. 

So, if you've come up with a creative 
shortcut, solved a plaguing problem, 
turned a tedious task into an effortless one, 
or come across information other IT pros 
should be aware of, let us know about it. 
You don't need to be a skilled writer. We 
have editors who will turn your write-up 
into polished prose. All you need to do is 
tell us in 1,000 words or less what prompted 
you to come up with the shortcut, solution, 
or streamlined task and how it works. 
If you're sharing information, let us know 
how you came across that information. You 
can send your R2R write-up (or write-ups if 
you'd like to send more than one) to 
r2r@windowsitpro.com. 

We'll be sending all the R2R write-ups 
we receive in the next few months to our 
technical editors, who will decide whether 
to accept them for publication. A panel will 
then review all the accepted R2R submissions 
and select the most interesting write-ups 
for the cover story. The accepted R2R 
write-ups that aren't selected for the cover 
story will be printed in the R2R section in 
future Windows IT Pro issues. Whether an 
R2R write-up is part of the cover story or 
printed in the R2R section, the author will 
receive $100 when it's published. 

Send your R2R write-up to us today! 



Microsoft Virtual PC 2007 is No. 4 on 
Mike Otey's TOP 10 list of free virtualization 
products (windowsitpro.com/article/articleid/98221/98221.html). 
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How to Access Directory Services 
Restore Mode on a Remote DC 

Our company has a large Windows Server 
2003 Active Directory (AD) environment. 
Recently I noticed that a domain controller 
(DC) in one of our branch offices was 
reporting AD errors. Past experience told 
me that the errors were most likely due to 
data corruption in the AD database. 

The steps you'd typically follow to fix the 
problem would be to boot into Directory 
Services Restore Mode and use the Ntdsutil 
tool to check the database's integrity. However, 
the problematic DC was in Sydney, 
Australia, and it was after hours there, so 
no one was available locally to help me 
troubleshoot. My only access to the DC was 
through Windows Server 2003 Terminal 
Services. 


To access Directory Services Restore 
Mode, you typically press F8 prior to the 
machine booting into Windows, then 
select the Directory Services Restore 
Mode option from the menu that 
appears. Obviously, this wasn't possible, 
but a colleague reminded me of a neat 
workaround. If you modify the boot.ini 
file, you can restart the server in Directory 
Services Restore Mode so that you don't 
lose the connection when the DC 
restarts. 

Here are the steps you can follow to 
get into Directory Services Restore Mode 
remotely through RDP and run the Ntdsutil 
tool: 

1. On your machine, select Run from 
the Start menu, type Mstsc /console, and 
click OK. 

2. Type the IP address or Fully Qualified 
Domain Name (FQDN) of the server you 
want to connect to. 

3. Log on to the server using the Active 
Directory account. 

4. On the DC, select Run from the Start 
menu, type sysdm.cpl, and click OK. 

5. On the Advanced tab, click Settings 
in the Startup and Recovery section. 

6. Click Edit. This opens the boot.ini file 
in Notepad. 

7. Add the following line to the end of 
the boot.ini file: 

/SAFEBOOT:DSREPAIR 

Save and close the boot.ini file. 

8. Reboot the server. 

9. After waiting a few minutes, perform 
steps 1 and 2 again. 

10. When you reconnect, the server 
should state that it's in safe mode. Log on 
using the Local Administrator account (not 
the Active Directory account). 

11. Open a command prompt window, 
type Ntdsutil, and press Enter. 

12. Type Files and press Enter. 

13. Type Integrity and press Enter. Windows 
will examine the database and will let 
you know the outcome. 

14. After you're done with Ntdsutil, type 
q and press Enter to exit Files. Type q and 
press Enter again to exit Ntdsutil. 

15. Before rebooting, it's important that you 
change the boot.ini file so that the DC boots 
in normal mode. Open boot.ini by repeating 
steps 4 through 6. Remove the last line 
(/SAFEBOOT:DSREPAIR) that you added 
earlier. Save and close the boot.ini file. 

16. Restart the DC. 

Fortunately for us, the integrity check 
came back OK. Just having the database 
offline and running the Integrity command 
fixed our problem. If you're not as fortunate, 
some file management commands that 
you might find useful are Recover, Repair, 
and Compact to %s. You'll need to do some 
research on these commands before using 
them. Besides typing ? at the command 
prompt to access the tool's Help file, you 
can check out the Microsoft articles 
"Managing Active Directory Files" 
(www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsf1_utl_wgzt.mspx?mfr=true) 
and "Ntdsutil" 
(technet2.microsoft.com/windowsserver/en/library/91559a2b-b666-442c-bdd2-df4b7c46983c1033.mspx?mfr=true). 

—Stefan Fagerholm, enterprise AD 
administrator, Milliman 
InstantDoc ID 99799 
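
The boot.ini change in steps 7 and 15 is the part of this procedure that leaves a remote DC stuck in restore mode if it is forgotten, so it is worth checking mechanically. The PowerShell below is an added example, not part of the reader's write-up; the function names and the sample boot.ini content are constructed, and it assumes the switch goes at the end of the default OS entry line (the last line of a single-OS boot.ini).

```powershell
# Added example: add, remove, and detect /SAFEBOOT:DSREPAIR in boot.ini text.
# Function names and the sample content are constructed for illustration.
$Switch = '/SAFEBOOT:DSREPAIR'

function Get-DefaultEntryIndex {
    param([string[]]$Lines)
    # [boot loader] names the default OS as "default=<ARC path>"; the matching
    # entry under [operating systems] begins with the same ARC path and "=".
    $default = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*default\s*=\s*(.+?)\s*$') { $default = $Matches[1]; break }
    }
    if (-not $default) { throw 'No default= line found in boot.ini.' }
    $prefix = $default + '='
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i].TrimStart().StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $i
        }
    }
    throw "No [operating systems] entry matches default=$default."
}

function Add-DsRepairSwitch {
    param([string[]]$Lines)
    [string[]]$out = $Lines.Clone()
    $i = Get-DefaultEntryIndex $out
    # Append only once, so running the function twice is harmless.
    if ($out[$i] -notmatch [regex]::Escape($Switch)) {
        $out[$i] = $out[$i].TrimEnd() + ' ' + $Switch
    }
    return ,$out
}

function Remove-DsRepairSwitch {
    param([string[]]$Lines)
    # Strip the switch (and the space before it) wherever it appears.
    $pattern = '\s*' + [regex]::Escape($Switch)
    [string[]]$out = $Lines | ForEach-Object { $_ -replace $pattern, '' }
    return ,$out
}

function Test-DsRepairPending {
    param([string[]]$Lines)
    # True while any line still carries the switch, i.e. the next boot is DSRM.
    return (@($Lines -match [regex]::Escape($Switch)).Count -gt 0)
}

# Constructed sample of a single-OS boot.ini.
$sample = @(
    '[boot loader]',
    'timeout=30',
    'default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS',
    '[operating systems]',
    'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect'
)

$dsrm = Add-DsRepairSwitch $sample        # state after step 7
$dsrm[-1]
Test-DsRepairPending $dsrm

$normal = Remove-DsRepairSwitch $dsrm     # state after step 15
$normal[-1]
Test-DsRepairPending $normal
```

Keep a copy of the original boot.ini before changing it, and run the pending check against the live file before the final restart in step 16.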

Virtual PC 2007 Mouse Integration 
Fix for Win98 

One of my customers has a legacy client/ 
server accounting application whose 
desktop client runs only on Windows 98. 
Although the accounting application pales 
in comparison to today's full-featured ERP 
suites, it has a capable server-side database 
engine and it meets the company's 
needs. 

For the past two years, I've helped 
the company keep its accounting application 
in production by migrating the 
Win98 desktop to Microsoft Virtual PC 
2007 on Windows XP Professional hosts. If 
you've performed physical to virtual (P2V) 
migrations, you're probably aware of the 
challenges associated with them. Each migration 
seems to have its own personality 
and associated obstacles to 
overcome. In the Win98 P2V 
migrations, the obstacle was 
getting the mouse integration 
feature to work. 

Mouse integration lets 
you seamlessly move the 
mouse pointer between 
the virtual machine (VM) 
window and the host's 
desktop. If you don't have 
mouse integration, you must hold down 
the keyboard's right Alt key to get the 
mouse to move outside of the VM. This is 
rather bothersome if you use the VM like a 
program window. 

To get the mouse integration feature, 
you need to install Virtual PC 2007's Virtual 
Machine Additions in your VM after the VM 
is up and running. Mouse integration has 
always worked for me for every Windows 
OS running in Virtual PC 2007, except 
Win98. It even had worked in my own 
Win98 VM until I uninstalled and reinstalled 
Virtual Machine Additions while doing 
some diagnostic work. (I personally have a 
Win98 VM for those occasional Symantec 
pcAnywhere support sessions or Win98-only 
classic games.) Since then, I spent 
hours uninstalling and reinstalling Virtual 
Machine Additions and 
looking for the reason 
why mouse integration 
didn't work, but to no 
avail. I even discussed 
the problem with Microsoft 
Customer Service 
and Support (CSS) and 
a Microsoft product 
manager. In both cases, 
the reply was something 
to the effect of, "Win98 
is no longer a supported OS...but mouse 
integration works for us." 

Recently, the same customer asked me 
to do another Win98 P2V migration. To my 
complete astonishment, after installing Virtual 
Machine Additions, mouse integration 
worked on the VM. Now I had something to 
work with for comparative purposes. 

The details of the comparative diagnosis 
are long and boring, so I'll spare you 
the minutiae and get right to the solution. 
The code that makes mouse integration 
work is in the VM's C:\Windows\system.ini 
file. Apparently, a bug in the Virtual 
Machine Additions installation routine 
sometimes rears its ugly head when the 
code is installed into Win98 VMs. To fix the 
bug, you can use Notepad or edit.com to 
edit the system.ini file's [boot.description] 
and [boot] sections. Here are the edits you 
might need to make: 

• If the line 

mouse.drv=hostmaus.drv 

is in the [boot.description] section, move 
it to the [boot] section. 

• If the line 

HOST.MOUSE.DRV=Microsoft Mouse 

is in the [boot.description] section, delete 
it. Add the line 

HOST.MOUSE.DRV=mouse.drv 

to the [boot] section. 

• If the line 

mouse.drv=Standard Mouse 

is missing in the [boot.description] section, 
add it. 

Note that you need to 
enter these lines exactly 
as shown. In addition, 
don't change any of the 
other lines in the [boot] and 
[boot.description] sections. 
I entered a line incorrectly 
at one point in my testing. 
As a result, when Win98 
started to boot, it hung 
with an error report of 
"...Windows 98 could not 
start. Please reinstall Windows...." To fix 
the problem, I had to use edit.com from 
DOS to open the system.ini file and make 
a correction. Afterward, Win98 booted 
without any problems. 

Before you edit the system.ini file, I 
recommend that you back up the system.ini 
file. That way, if needed, you can restore 
the .ini file in its original condition from 
a Win98 DOS prompt (i.e., press F8 when 
Win98 starts to boot and select option 5, 
"Command Line"). 

—Bret Bennett, president, BRET A. BENNETT 
InstantDoc ID 99775 
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ASK THE EXPERTS ■ 



DPM 

Control Panel 


■ Active Directory 

■ Security 


Q: What is System Center Data 
Protection Manager (DPM) 
2007? 

A: DPM 2007 is Microsoft's backup 
and recovery platform that offers 
both continuous backup and 
tape-based archiving. DPM 2007 
offers share-level and volume-level 
protection for Windows servers and 
desktops. This version also backs 
up and restores information for Exchange 
Server, SQL Server, Microsoft 
Office SharePoint Server (MOSS), 
as well as servers running Virtual 
Server 2005 R2 SP1 or Hyper-V. Each 
protected server's DPM agent sends 
data changes and application-transaction 
information (e.g., Exchange 
transaction logs) to the DPM server 
according to a defined schedule. You 
don't have to configure DPM 2007 to 
gather specific information; you just 
input which application to protect, 
and DPM knows which files to capture 
to protect relevant data. 

DPM offers various data-protection 
topologies. The most popular 
is using DPM-accessible attached 
storage, or iSCSI- or fiber-connected 
SAN-based storage to back up 
system data. You can periodically 
write these backups to tape for 
archiving, or even use DPM to write 
directly to tape without any DPM disk 
usage. However, writing DPM directly 
to tape gives the poorest restoration 
experience and limits DPM's self-restoration 
features. 

Data restoration with DPM is easy 
because its application knowledge 
allows granular restoration. For 
example, you can restore Exchange 
storage group data, a store, or even 
an individual mailbox. Another cool 
DPM 2007 feature is bare-metal 
restoration, which lets you recover a 
system that won't start. 

—John Savill 

InstantDoc ID 99730 


ANSWERS TO YOUR QUESTIONS 



Q: How do I search within Windows 
Vista Control Panel for the 
functionality I need? 

A: As you can with nearly all elements of 
Vista, you can search within Control Panel. 
However, search functions in different 
ways depending on the Control Panel 
mode you're using. If you're in Control 
Panel's Classic mode and perform a search, 
the system searches only the names of 
Control Panel applets; so, searching for the 
term "monitor" will yield no results. 

If you instead use Control Panel's 
Home mode, the search now uses more 
knowledge of Control Panel and tagged 
metadata to obtain more detailed and 
accurate results. I recommend that if you 
want to search for Control Panel functionality, 
always ensure that you're in Control 
Panel's Home view. 

—John Savill 

InstantDoc ID 99731 

Q: In Active Directory (AD), you can 
restrict which computers a user 
can log on to by clicking the Log 
On To button on the Account tab 
in the user's properties. However, I 
want to set machine logon restrictions 
for all the members of our 
Sales Department group. It would 
take a fair amount of work to set 
these restrictions manually in the 
properties of all the individual user 
accounts. What's the easiest way to 
set machine logon restrictions for 
an entire group? 

A: Machine logon restrictions can't be set 
in the properties of an AD group object. 
However, you can select multiple users 
at once from the Microsoft Management 
Console (MMC) Active Directory Users and 
Computers snap-in and open their properties. 
Select each member of the Sales 
Department group while holding down 
the Control key, or click the first user in 
the list, hold down the Shift key, and then 
click the last user in the list. Then click the 
Log On To button on the Account tab and 
enter the DNS or NetBIOS names of the 
computers from which members of the 
Sales Department group can log on in the 
Logon Workstations dialog box. 

—Jan De Clercq 

InstantDoc ID 99732 

Q: How can I restrict a user to 
logging on from only a specific 
computer? 

A: The easiest way is to use the Log On 
To account policy in the user's account 
in Active Directory (AD). Open the user's 
account properties in the Microsoft Management 
Console (MMC) Active Directory 
Users and Computers snap-in. Select the 
Account tab and click Log On To. Then, 
click Logon Workstations, select The following 
computers, enter the name of the 
workstation you want to restrict the user 
to, and click Add. 

—Randy Franklin Smith 

InstantDoc ID 99733 
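
The Log On To restriction from the two answers above (InstantDoc IDs 99732 and 99733), scripted for a whole group or a single account. This is an added example, not code from the magazine or its authors; it assumes the Microsoft ActiveDirectory PowerShell module is installed, and the group, user, and computer names are placeholders.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed names: substitute your own group, user, and computer names.
    [string]   $GroupName    = 'Sales Department',
    [string]   $UserName,                                    # optional: one account only
    [string[]] $Workstations = @('SALES-PC01', 'SALES-PC02') # constructed sample names
)

# Normalize a workstation list (trim, upper-case, sort, de-duplicate) so that
# ordering or case differences don't trigger needless directory writes.
function ConvertTo-WorkstationString([string[]] $Names) {
    ($Names | Where-Object { $_ } | ForEach-Object { $_.Trim().ToUpper() } |
        Sort-Object -Unique) -join ','
}

$wanted = ConvertTo-WorkstationString $Workstations
if (-not $wanted) {
    # An empty Logon Workstations value means "all computers".
    throw 'Refusing to write an empty list: that would remove the restriction.'
}

# Build the target list: one named user, or every user in the group.
if ($UserName) {
    $targets = @(Get-ADUser -Identity $UserName -Properties LogonWorkstations)
} else {
    # -Recursive expands nested groups; keep user objects only.
    $targets = Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            Get-ADUser -Identity $_.DistinguishedName -Properties LogonWorkstations
        }
}

foreach ($user in $targets) {
    $current = ConvertTo-WorkstationString ("$($user.LogonWorkstations)" -split ',')
    $changed = $false

    if ($current -ne $wanted -and
        $PSCmdlet.ShouldProcess($user.SamAccountName, "Set Logon Workstations to $wanted")) {
        # Set-ADUser expects the list as a single comma-separated string.
        Set-ADUser -Identity $user -LogonWorkstations $wanted
        $changed = $true
    }

    # One report row per account, so the run doubles as an audit of prior state.
    [pscustomobject]@{
        User     = $user.SamAccountName
        Previous = $current
        Wanted   = $wanted
        Changed  = $changed
    }
}
```

Run it with -WhatIf first to review the report without writing anything. The restriction is stored on each user account, not on the group, so a user added to the group later is unrestricted until the script runs again.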
Let SCVMM 2008
Manage It ALL

As server virtualization becomes more popular, IT professionals are quickly
realizing that migrating some of their company's resources to a virtualized 
infrastructure is only part of the challenge. After virtualizing the resources, 
you have to manage them—and handling virtualized servers isn't the same as 
administering physical servers. A physical host server and perhaps a host OS 
add an extra layer or two of software between virtual machines (VMs) and the 
real world. You can create, alter, and remove VMs with a speed and flexibility that's unheard 
of compared with what you can do with physical servers, but traditional toolsets don't have 
the facilities to handle this added coating of complexity. 

Microsoft created System Center Virtual Machine Manager (SCVMM), which is a component
of the company's suite of System Center products, to manage a virtual infrastructure;
SCVMM 2008 improves on the original version. SCVMM was designed to integrate into
System Center Operations Manager (SCOM) 2007 SP1, and if you're already using SCOM 
you can take advantage of a significant new feature in SCVMM 2008 to optimize your virtual 
resources. 

If you've installed the Hyper-V role on Windows Server 2008 and are already using 
Hyper-V Manager, you might wonder whether SCVMM 2008 can benefit you. Hyper-V 
Manager provides a simple interface that lets you control the configuration of VMs, one 
machine at a time. You can create a VM, start it, change its settings, take snapshots of it, 
export it, import it, stop it, and delete it. SCVMM does all that and far more. 


There's more to 
virtualization 
than just 
virtualization 

by Sean Deuby 


■ Did You Know? 

The OS-independent VMware 
ESXi hypervisor is now available 
for free; download a copy at 
www.vmware.com/download. 
SCVMM 2008 Features

SCVMM is a solution for all aspects of 
managing a virtual infrastructure. New 
features in SCVMM 2008 include Hyper-V 
integration, Performance and Resource 
Optimization (PRO) and SCOM integration,
VMware ESX Server support, a new
delegated administrator role, and cluster 
support. 

Hyper-V integration. One of the most
significant new attributes of SCVMM 2008 is
Hyper-V integration. Hyper-V is Microsoft's
virtualization technology that uses a hypervisor—a
thin layer of software between the
hardware and the OS that lets multiple OSs
run on a host computer at the same time.
Hyper-V features 64-bit architecture and
therefore 64-bit VM support, multiprocessor
VMs, and virtual switched networking—
which is a big step beyond Microsoft Virtual
Server 2005. SCVMM 2008 manages all
aspects of Hyper-V hosts and VMs.

PRO and SCOM. SCVMM 2008 has a 
useful feature in its PRO package, which tackles
the problem of balancing VM loads across
multiple servers. PRO is tightly integrated 
with SCOM and requires SCOM to function. 
You must install SCOM agents on all hosts 
and VMs, and you must also install SCVMM 
2008 and PRO management packs. With 
PRO in place and configured, SCOM will 
pass alerts on to SCVMM 2008. A PRO "tip" 
noting the problem and a recommended 
action appears on the SCVMM console. You 
can either manually approve the tip so that 
PRO executes it, or, if you set auto-approve, 
let PRO take action on its own. 

A popular example of a common 
resource-management challenge is when 
a VM runs out of resources because a host
becomes overloaded. SCOM detects the
overload, passes it to SCVMM 2008, and
generates a PRO tip indicating that you
should move the VM to another host. (PRO
functions on Server 2008 failover host clusters
only.) You determine the recommended
new host by using the Intelligent Placement
feature first introduced in the previous
version of SCVMM. If you turn on auto-approve,
the automation level sets to Critical
Only, which means that only PRO tips with 
a critical severity level are automatically 
implemented. This setting auto-manages 
your host cluster in such situations. 

PRO's capabilities also leverage 
SCVMM 2008's management of VMware 
ESX Server. For example, you can define a 
policy in PRO that triggers a VMotion VM 
migration. Thanks to its integration with 
SCOM, however, PRO goes beyond just 


IT PRO HERO 


Rein in VMs Using System Center 
Virtual Machine Manager 

SCVMM helps IT manager Rick 
Webster maintain control over 
The Scooter Store's many VMs 

by Caroline Marwitz 



Virtual machine (VM) products are making it almost absurdly
easy for IT pros to consolidate servers. But the more you
virtualize, the greater your challenge in managing that burgeoning
virtual infrastructure. Last year, Microsoft answered
administrators' need for better VM management by releasing System
Center Virtual Machine Manager 2007—SCVMM. (See "Let SCVMM
2008 Manage It All," InstantDoc ID 99768, page 23, for an in-depth
discussion of SCVMM.) The release was timely for The Scooter Store, a
New Braunfels, Texas, supplier of scooters and power chairs for people
with limited mobility. Rick Webster, The Scooter Store's manager of
systems and storage, had led efforts to move the company's data center
to a Microsoft Virtual Server 2005-based environment but found
that managing all those VMs was getting increasingly complex. Rick
spoke with Windows IT Pro about how The Scooter Store uses SCVMM
to keep its 100 or so VMs under control and how the company has
benefited from virtualization.


Q: How large is your IT
environment?

A: To support our business—providing independence to people
with limited mobility—we run 22 virtual servers: five physical hosts
in production and 17 physical hosts in our integration environment,
which is where we do application testing and development which is
a near mirror copy of our production environment.

Q: Why did you decide to start using SCVMM?

A: One of the main reasons we decided to [look at SCVMM] was
that we were challenged about how to manage virtualization. Customarily,
we managed our physical server environment one box at a
time. Implementing virtualization forced us to think in a more logical 
manner as compared with traditional [server management] methods. 
When Microsoft showed us what we'd be able to do by using SCVMM 

migrating a heavily used VM to another
host. It understands what's happening 
with the entire stack on Windows VMs— 
the host, the VM, and applications running 
on the VM. 

IT pros sometimes lose sight of the fact 
that ultimately it's the applications and their 
health that count rather than the infrastructure.
With PRO's holistic view of the virtual
environment, you can define policies and 
rules that take action on a host (e.g., add 
more processor capacity to the VM) because 
the application requires it, not just because 
the VM shows high utilization. 

PRO is also extensible, so Microsoft is 
working with its hardware and software 
partners to make PRO's tips intelligent with 
regard to the application and hardware configuration.
You can get practical information
about configuring SCVMM to work with
SCOM and then with PRO at blogs.technet.com/m2.

VMware ESX Server support. SCVMM
2008 can now manage VMware ESX servers
through its integration with VirtualCenter.
What this management means is that
SCVMM 2008 can control VirtualCenter's
popular strengths, such as VMotion, as
well as apply its own features, such as Intelligent
Placement and PRO, to VMware VMs.
(Intelligent Placement is a feature available
in both SCVMM 2007 and SCVMM 2008
that selects the correct host based on the
workload you define for a VM rather than
selecting an available host, creating the VM,
and hoping it fits.) For example, SCVMM
2008's ESX management is accomplished
through the management of VirtualCenter
itself, not the direct administration of the
ESX hosts. This is because ESX management
APIs are available only through VirtualCenter.
Therefore, VirtualCenter Server is
a requirement for managing VMware hosts
and VMs.

Delegated administration. The delegated
administrator is a new role available
to manage hosts and VMs in SCVMM 2008.
A delegated administrator can perform all
the functions of a full administrator but
only on a subset of objects. This kind of job
is useful for people who need to perform
administrative functions on some but not
all hosts managed by SCVMM. This role has
broader administrative rights than the self-service
user role. You can control the self-service
user role according to what types
of functions are allowed on a per-VM basis,
whereas the delegated administrator has
full rights on a predefined scope of host
servers and libraries. For example, you could


to manage our data center, we jumped on the beta, then the release 
candidates, and started using SCVMM heavily in production once it 
was released. 

Q: So how do you use SCVMM?

A: The main thing we use it for is to manage our virtual environment.
In the past, before Virtual Server had matured, we had to do a lot of 
scripting and go through a lengthy process to perform physical-to- 
virtual (P2V) migration. You almost had to be a coder to write some 
of those scripts to make sure the migration went successfully. With 
SCVMM, the wizard walks you straight through the P2V migration. 

We also use SCVMM to help us back up our virtual environment. 
SCVMM lets us take snapshots—almost like an undo for our virtual 
environment. If we were going to apply a patch, we could take a 
snapshot through SCVMM and create an undo-disk-type scenario, so 
that if the patch didn't work with an application and we needed to roll 
back, we could do that. 

SCVMM also tells us the best fit for boxes. When we deploy a new 
VM, we enter the expected resource requirements for an application— 
say, 2GB of memory, the Internet or LAN connections—and it gives us 
a star rating: "Out of all the hosts you have in your environment, this 
particular one meets all those requirements." As an administrator, 
you're probably already thinking where you want to put [the VM], but 
SCVMM might tell you that box doesn't have quite enough memory 
to run [the application] or not enough hard-drive space is allocated. 
SCVMM takes a lot of the guesswork out of locating a VM. 

Q: You're planning to implement SCVMM with System Center Data
Protection Manager (DPM) to switch between virtual hard disks. 
How will that work? 

A: With SCVMM and DPM in our virtual environment, we can do host- 
based backups to provide consistent backup of all VMs. For instance, 


through SCVMM we can set DPM to run every 15 minutes to catch 
the deltas [the data changes] made in the host server. Then, if we 
need to do a restore, we can go back to the last 15 minutes, whereas 
before, we had to revert to last night's capture. This is important to 
maintain accuracy and protect the privacy of our customers' health 
information. 

Q: Are you planning to test the SCVMM 2008 beta?

A: Yes, we're testing it right now. We're excited with Hyper-V being
released and SCVMM 2008 letting us see inside and manage VMs
hosted in our Hyper-V and Virtual Server 2005 environments.

Q: Will you eventually put everything on Hyper-V?

A: That's currently the plan.

Q: Have you documented cost or time savings as a result of using
SCVMM and VMs?

A: Yes. We've definitely seen cost savings using Virtual Server: power
and cooling costs. And using SCVMM, the savings are in user manageability.
We've been able to save [the cost of] at least one full-time
employee—anywhere from $70,000 to $80,000 a year—using Virtual 
Server along with SCVMM. 
delegate administration rights to manage
hosts and libraries for a particular region. 

Cluster support. SCVMM 2008 also 
adds management support for Server 2008 
failover clusters for Hyper-V. As a result, 
SCVMM 2008 is cluster-aware when adding 
hosts, letting you discover which clusters 
are available through Active Directory (AD). 
With this support you can create highly 
available VMs that take advantage of PRO 
on a Server 2008 cluster. 

Architecture and Implementations 

Architecturally, SCVMM 2008 consists of 
five main components, plus PowerShell. 
The first component is the Virtual Machine 
Manager (VMM) service (vmmservice.exe) 
itself. Next is a Microsoft SQL Server database
(either SQL Server 2005 or the free
SQL Server 2005 Express Edition for smaller
implementations) that stores configuration
information. SQL Server Express comes
as part of the SCVMM 2008 installation
package. The third component is a library,
shared on the network, that contains virtual
hard drives, ISO disk images, and stored
VMs to be used by SCVMM. An administrator
console and a self-service portal round
out the picture. In addition to the major 
pieces, PowerShell is an essential part of the 
SCVMM server. Furthermore, every host 
that's managed by SCVMM must also have 
a VMM agent installed. 

You can assemble all of SCVMM 2008's 
components in a variety of ways, but most 
installations fall into one of three major 
types: workgroup, corporate, or enterprise. 
In the workgroup configuration, all components
reside on one server. This setup is typical
in small-to-midsized businesses (SMBs)
and in test labs. The corporate setup, which
Figure 1 shows, separates the components
on their own servers to increase scalability
and fault tolerance. The enterprise configuration
that Figure 2 illustrates expands on
the corporate configuration by leaving the 
SCVMM and SQL Server systems centrally 
located but scattering library and host pairs 
to different geographical locations. 

Figure 1: Corporate data center setup

PowerShell Benefits

Like Exchange Server 2007, SCVMM depends
on PowerShell to perform its actions. SCVMM
is essentially a sophisticated PowerShell
script generator. This architecture has its
detractors—for example, it's probably not 
as fast as making API calls in a lower-level 
language—but it adds a tremendous amount 
of flexibility. Every SCVMM action generates
and executes a PowerShell script. Every
wizard has a PowerShell button on the summary
dialog that lets you see (and copy) the
script that will be executed. You can modify 
the script for your own purposes, thus never 
having to step through the wizard again. A 
side benefit is that each wizard also teaches 
you PowerShell through the programmer's 
time-honored learning method: modifying 
someone else's code. 

Yet another benefit to the PowerShell-centered
design is SCVMM's job-oriented
approach. Because every action you perform
executes a script, the script's execution
is tracked and logged as a job in the VMM 
console's Jobs view, as Figure 3 shows. If a 
job fails, you can re-execute it. 

Installation 

If you're just starting to work with SCVMM,
one of your first tasks is to build up its library,
which is a catalog of the resources you use
to create your VMs. These resources fall into
three categories: file-based resources,
templates, and stored VMs. File-based
resources are the library's main resource
type, and they include CD-ROM or DVD images
in ISO format that you can attach to build
a VM instead of a physical disk, existing
Virtual Hard Disks (VHDs) that have been
sysprepped to create new instances of
themselves, PowerShell scripts, and virtual
floppy disks for some OS boot requirements.
SCVMM can automatically create a sysprepped
library VHD from an existing VM. The second
resource type in the library is templates
that contain hardware profiles and guest OS
profiles. These resources let you develop a
standardized set of hardware (memory size,
processor type, virtual CD-ROM or DVD with
appropriate ISO disk image attached) and OS
configurations (OS version, license key) to
quickly create a new VM. The third resource
type in the library is complete VMs that you
can quickly deploy onto a host server.

Installing SCVMM 2008 is a
straightforward process, especially
compared with the installation
procedure for the 2007 version.
In the earlier version, checks for
prerequisites occurred throughout
the installation. If you were missing
a component, you had to back
out of the installation process, add
the component, and start over. In
contrast, the SCVMM 2008 installer
makes hardware and software prerequisite
checks at the beginning of
the installation process. In addition,
the new Wizard format lets you see
where you are in the process.

SCVMM requires SQL Server,
but if you don't have a large number
of machines to manage you
can use SQL Server Express,
which is included. You also
need the Microsoft .NET
Framework 3.0 and Windows
Automated Installation
Kit (WAIK) 1.1, as well
as PowerShell, if you're
going to install the Administrator
Console on a system
other than the VMM system.
The VMM server connection
uses port 8100, agent
connections for hosts and
library servers use port 80,
and file transfers (e.g., for
the creation of VMs from
library VHDs) use port 443.

SCVMM 2008 can't be
installed on Server Core.
This limitation is understandable
because several of SCVMM's features
(e.g., PowerShell, the rich
user interface) don't run
on Server Core. However,
Server Core includes the
most secure implementation of Hyper-V,
which means that you can't run SCVMM
on a highly secure Hyper-V host server or
cluster. (Note that you can still manage
Server Core hosts or clusters.) This shortcoming
probably isn't a big deal for large
companies that can run all the SCVMM
components on separate systems, but
it's an important consideration for SMB
implementations.

Figure 2: Enterprise data center setup

Figure 3: VMM console's Jobs view


Configuration 


SCVMM's Administrator Console uses the
System Center Framework user interface,
which resembles Microsoft Outlook's layout,
with a scope of what you're looking
at on the left, specifics in the middle,
and actions for those specifics on the right, as 
you can see in Figure 3. The left-hand pane is 
divided into a treeview on the top and large 
buttons for the major SCVMM views on 
the bottom. Those primary SCVMM views 
are Hosts, Virtual Machines, Library, Jobs, 
and Administration. The middle pane 
focuses on the objects that match the view 
you select in the scope pane. The upper 
window can contain a list of hosts, VMs, 
library files, jobs, or administrative options. 
The lower window contains the properties of 
the object that's selected in the upper window.
In Figure 3, for example, the lower window
displays the progress of the individual
steps in the Create virtual machine job 
selected in the upper window. The right 
pane—the action pane—shows a list of 
actions you can perform on the object 
you've selected. It contains all the actions in 
the right-click context menu for an object, 
plus general actions you can take at any 
time. 

Whether you're creating a new VM 
from Hyper-V or from SCVMM 2008, the 
first thing you notice is that the mouse 
doesn't work in the VM's console session. 
For the mouse to work and the console to 
have full functionality, you need to install 
Server 2008 Hyper-V's Integration Services 
on the VM. (Server 2008's initial Hyper-V
comes with a version of Integration Services
already installed, but later versions of
Hyper-V have made it incompatible.) You
need to control the VM without a mouse to 
install Integration Services. 

If you use Remote Desktop to log on to 
the VMM console (instead of having the 
console installed locally on your system), 
the process is even more cryptic and subtly 
different from what you've done in the past. 
You might think that removing management 
on the VM and connecting to the VM via 
Remote Desktop is a workaround for this 
problem, but it isn't. Without the installation 
of Integration Services, the VM doesn't have 
a working network adapter and therefore 
lacks remote management. However, you 
can build a sysprepped image with Integration
Services preinstalled and then store it
in the library as a VHD from which to base
new VMs. This way, the mouse functions
on the VMs from the start. John Howard,
senior program manager on the Hyper-V
team, comes to the rescue with his blog
post "Controlling Hyper-V VMs in Virtual
Machine Connection over TS/Remote
Desktop without a mouse" at
blogs.technet.com/jhoward/archive/2008/03/23.aspx,
which helps you through mouse-less
operation.

Microsoft designed SCVMM and its
administrative console to manage hosts
and VMs in the same domain, the same
forest, or a different forest joined through a
forest trust. It's possible but extremely difficult
to use a non-domain-joined console
to manage domain-joined resources. John
Howard also has blog posts on this topic,
but you don't want to attempt the procedure
unless absolutely necessary. If you
have VMs to manage in multiple forests, 
I strongly recommend that you establish 
forest trusts (rather than external trusts) 
between the forests. 

Modern Virtual Infrastructures 

VMs are much easier to provision than
real machines, but once they're in production,
they have many of the same
lifecycle issues that physical servers have.
For instance, you must patch them and
back them up. (For information about
patching VMs, see the sidebar "Microsoft's
Offline Virtual Machine Servicing Tool.")
SCVMM isn't a silver bullet for practicing
lifecycle management on your production
systems. It doesn't address whether a system
should still be up and running, shut
down and stored in the SCVMM library,
or simply deleted. Your operational practices
must cover the server lifecycle issues,
regardless of whether the servers are virtual
or physical.

SCVMM is currently in public beta; you 
can register for it at connect.microsoft.com.
It is scheduled to be released by the end of 
2008. 

For all the talk about virtualization, the
adoption of it is still low. One of the biggest
barriers to a wider acceptance of virtualization
is the cost of building a production-capable
virtual infrastructure. IT budgets are
so tight that bottom-line costs for a solution
are extremely important. With Server 2008,
Hyper-V and SCVMM 2008 and its integration
with SCOM, Microsoft has built a compelling
case for constructing a modern virtual
infrastructure at a reasonable price.
Microsoft's Offline Virtual
Machine Servicing Tool

A unique problem associated with a virtualized infrastructure is keeping inactive
virtual machines (VMs) in the Microsoft System Center Virtual Machine Manager (SCVMM) library
up-to-date with the latest software patches. It's not uncommon for VMs that aren't currently needed
to be shut down for weeks or months at a time, without participation in any regular patching cycle
during that period.

Microsoft designed a utility to make solving this problem a little easier. The Offline Virtual Machine
Servicing Tool, currently in beta, is a Microsoft Solution Accelerator that integrates with SCVMM, PowerShell,
and your Microsoft System Center Configuration Manager or Windows Server Update Services
servicing tool to patch your inactive VMs. It does so with PowerShell scripts called "servicing jobs" that
deploy an inactive VM from the library to a host to start the VM, trigger the software update cycle,
then shut down the VM and return it to the SCVMM library. The tool works in conjunction with Task
Scheduler, so you can schedule the servicing jobs to run at low activity times on your hosts.

The Offline Virtual Machine Servicing Tool beta is public and available to anyone who registers on
Microsoft Connect (connect.microsoft.com). The current beta supports only SCVMM 2007, but the latest
version in the works tackles interoperability with SCVMM 2008.
ADVERTISEMENT

THE TOP 10 MOST FREQUENTLY ASKED QUESTIONS ABOUT MOSS 2007

By Michael K. Campbell

Microsoft Office SharePoint Server (MOSS) 2007 is enjoying rave
reviews from IT Pros and business users alike. For those familiar
with previous versions as well as those who know nothing
about it, here are 10 of the most frequently asked questions
about MOSS 2007.


How does MOSS 2007 differ from 
Windows SharePoint Services? 

MOSS 2007 is built on top of Windows 
SharePoint Services 3.0 and offers 
enhanced features and capabilities 
designed to allow employees to efficiently 
collaborate with team members, locate 
critical business tools and resources, 
participate in (and manage) shared 
tasks and workflows, and easily access 
business insight. Best of all, MOSS 2007 
also represents a powerful applications 
development platform while facilitating 
enterprise content management. 

What's New and Improved? 

A lot. For businesses and end users, a 
huge push toward social computing 
improves collaboration (through the
use of blogs, wikis, improved real-time
communication, and rich email
integration), while powerful new search 
capabilities make it easier than ever to find 
data. MOSS 2007 has also been enhanced 
with InfoPath-based interoperability that 
adds powerful data-gathering capabilities 
when combined with Office 2007 Forms 
Server. For IT pros, MOSS 2007 also 
decreases management costs and efforts 
while making adherence to regulatory 
requirements much easier. 

I'm new to SharePoint,
Why all the Focus on Portals?

Business users today are awash in 
information. Yet, ironically, it can still be 
hard for them to find the right tools, 
information, and resources to get their 
jobs done. SharePoint Portals provide 
'one-stop' locations where resources, 
tools, and information can both be 
aggregated and filtered according to 
the needs of individual business users. 

As such, portals provide access to tools, 
documents, workflows, contacts, and 
business intelligence that enables users to 
be more productive. 

What's the new Enterprise Search 
functionality like? 

Customers familiar with earlier versions 
of search functionality are very impressed 
with new Enterprise Search improvements 
and features. With it, businesses can 
index and search data from file shares, 
Exchange, Lotus Notes, as well as
SharePoint sites and resources. Search
can also be easily extended to third-party
resources while maintaining enterprise-caliber
scalability, manageability, and ACL-based
control over sensitive information.
Best of all, end-users find search intuitive, 
powerful, and easy to use. 

What Can I do with Forms Server? 

Office Forms Server 2007 functionality 
extends MOSS 2007 to facilitate secure, 
Web-based, data-gathering solutions that 
can be tied to internal business processes. 
Furthermore, when incorporated within 
MOSS 2007 extranets, Forms Server can 
facilitate data collection from suppliers, 
partners, customers or even potential 
sales leads—which efficiently and securely 
extends collaborative capabilities outward. 

How Much does MOSS 2007 Cost 
to License? 

Server Licenses cost $4,427 and CALs start 
at $94 (Enterprise CALs cost $75 more). 
Search functionality is licensed separately 
with Standard ($8,213) and Enterprise
($57,670) options while Forms Server 
functionality costs $4,424/server +$54/ 
CAL. MOSS 2007 can also be licensed for 
non-employee Internet users at $40,943/ 
server along with Forms Server Licensing 
for Internet sites costing $22,118/server. 

What about infrastructure costs 
and other needs? 

In addition to licensing costs, MOSS 2007 
also needs suitable application hosting 
servers running Windows SharePoint 
Services 3.0, along with back-end 
database storage. In smaller organizations, 
a single SQL Server instance typically 
suffices, though larger deployments 
typically rely upon high-end SQL Server 
clusters to ensure availability and 
throughput. For more information, see the 
'How to Buy' overview on the Microsoft 
SharePoint Web site. 


Doesn't SharePoint Require 
an Army of Developers? 

MOSS 2007 provides a tremendous 
amount of functionality that can be 
leveraged out of the box—without the 
need for developers. But SharePoint 
also represents a powerful applications 
development and hosting platform that 
can be used to seamlessly encapsulate 
business processes, tasks, and workflows 
within an environment that's very familiar 
to end users. With the addition of Forms 
Server functionality and an increased focus 
on development tasks, it's never been 
easier for developers to extend SharePoint 
functionality and meet business needs. 

What about Setup and 
Deployment Efforts? 

Solutions created with MOSS 2007 
typically enjoy high rates of success and 
user adoption—making them very heavily 
trafficked resources. Therefore, while it's 
possible to deploy MOSS 2007 servers and 
components without much effort, you'll 
typically want to incorporate significant 
planning in order to avoid too much 
organic growth. As such, planning and 
guidance documentation provided by 
Microsoft can help provide best practices 
information that will simplify deployment 
and management operations. 

Where can I Learn More? 

Microsoft's official SharePoint site
(www.microsoft.com/sharepoint/) provides
demos, overviews of features and
functionality, along with trial versions of
MOSS 2007 that you can download and
preview. But a great way to see what
MOSS 2007 is capable of (in terms of
meeting your business needs) is to check
out the case studies
(microsoft.com/sharepoint/prodinfo/evidence.mspx) that
relate customer success stories.
Split-Brain DNS

This slick configuration resolves locations correctly from
both inside and outside of your local network

by Michael Dragone 

ILLUSTRATION BY JIM DANDY / IMAGES.COM 

The Domain Name System (DNS) is one of the most
critical aspects of any IT environment. All Internet users, 
whether they know it or not, are dependent on DNS. 
If, like most Windows IT Pro readers, you're running 
Active Directory (AD) in your environment, you know 
that your users are also heavily dependent on DNS to 
locate resources on your network, such as domain controllers (DCs). 
Without using DNS to locate a DC, your users wouldn't even be able 
to log on! 

Split-brain DNS is a configuration method that enables proper 
resolution of names (e.g., example.com) from both inside and outside
of your local network. Although "split-brain DNS" sounds like
something that would require an Ace bandage and a boatload of 
aspirin, it's actually something that almost every organization uses. 
Despite how common it is, I still regularly hear from administrators 
who aren't familiar with it for one reason or another, and who have 
problems that can be solved easily by setting up split-brain DNS. 
Let's take a look at a situation where split-brain DNS is called for, 
then I'll demonstrate how you can set up split-brain DNS in your 
organization. 


A Splitting Headache 

Imagine this frustrating scenario: You're an administrator for a small organization, and you've just finished setting up 
a new web server. This new server is joined to your AD domain, mydomain.local, and you've securely published it 
to the Internet through your firewall. The machine name of this server is WEB01, making its Fully Qualified Domain 
Name (FQDN) web01.mydomain.local. You've assigned it a static IP address of 192.168.123.10.

Your ISP hosts your external DNS records, so you select an unused public IP address from the pool they've 
assigned to you, then ask the ISP to configure an A record for www.mydomain.com that resolves to your chosen 
public IP address. Later, sitting at your
office desk, you type www.mydomain.com 
into the address bar of your browser, but 
your site doesn't load. You confirm with 
your ISP that they've set up the A record 
correctly. You then call your neighbor, 
who's home on vacation, and have her try 
to load your site. It works perfectly for her. 
What gives? 

If you've set up your AD DNS server
to forward queries that it can't
authoritatively answer to another DNS server
that can—such as your ISP's DNS
servers—you're probably thinking that your
configuration should load the page
successfully from your office browser. Your
AD DNS server contains only the
mydomain.local zone, so a query for
www.mydomain.com is forwarded to the ISP's
DNS servers, which should return the
correct results to you. We know the ISP's
DNS servers have the correct information
because your neighbor was able to access
the website. However, the ISP's server
answers your query with the public IP
address of your site.

"So?" you might be saying to yourself.
"That should work: My computer should
then connect to that IP address, and
everything should be lovely!" But it isn't. The
problem is that your edge router or firewall 
is configured such that when it sees one 
of its connected networks trying to send 
information to itself, it drops the packets 
and you're dead in the water because your 
site doesn't load. 


The solution is clear: You need to
make your internal DNS servers answer
queries for www.mydomain.com with
the static IP address 192.168.123.10.

Split-brain DNS ensures that when users at the office on the local network
type in www.mydomain.com, the DNS record returned contains the internal
private IP address of the website you've set up, but when users away from
the office's local network try to access www.mydomain.com, the DNS record
returned contains the external public IP address of the website.

Figure 1 shows a high-level overview of the query paths after this
setup is complete.

Double-Duty DNS 

Contrary to what you might believe, your AD DNS servers are capable of
hosting DNS zones that aren't also AD domains. In fact, these zones can be
AD-integrated without being AD domains!
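The lookup paths described above, modeled as an added example (not code from the article): a Python simulation of the internal DNS server before and after it hosts its own mydomain.com zone, plus a check for the side effect that an authoritative server no longer forwards queries for names in that zone, so names published only externally stop resolving for LAN users. The public addresses (documentation ranges), the externally hosted "mail" record and all function names are assumptions made for the example.

```python
# Constructed sample data. The host names and 192.168.123.10 come from the
# article; the public addresses (RFC 5737 documentation ranges) and the
# externally hosted "mail" record are assumptions made for this example.
FIREWALL_PUBLIC_ADDRS = {"203.0.113.10"}  # address published through the firewall
EXTERNAL_ZONES = {  # what the ISP's DNS servers publish
    "mydomain.com": {"www": "203.0.113.10", "mail": "198.51.100.25"},
}
INTERNAL_BEFORE = {  # AD DNS server hosting only the AD zone
    "mydomain.local": {"web01": "192.168.123.10"},
}
INTERNAL_AFTER = {  # same server after adding an internal mydomain.com zone
    "mydomain.local": {"web01": "192.168.123.10"},
    "mydomain.com": {"www": "192.168.123.10"},
}


def split_name(zones, fqdn):
    """Return (zone, host) for the longest hosted zone containing fqdn, or None."""
    fqdn = fqdn.lower().rstrip(".")
    matches = [z for z in zones if fqdn == z or fqdn.endswith("." + z)]
    if not matches:
        return None
    zone = max(matches, key=len)
    return zone, fqdn[: -len(zone)].rstrip(".") or "@"


def authoritative_answer(zones, fqdn):
    """Answer only from hosted zones: NOERROR, NXDOMAIN or NOT_AUTH."""
    hit = split_name(zones, fqdn)
    if hit is None:
        return "NOT_AUTH", None
    zone, host = hit
    addr = zones[zone].get(host)
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)


def resolve_from_lan(internal_zones, fqdn):
    """Internal server answers its own zones and forwards everything else."""
    status, addr = authoritative_answer(internal_zones, fqdn)
    if status != "NOT_AUTH":
        return status, addr  # an authoritative answer is final, even NXDOMAIN
    status, addr = authoritative_answer(EXTERNAL_ZONES, fqdn)
    return ("NXDOMAIN", None) if status == "NOT_AUTH" else (status, addr)


def loads_from_lan(addr):
    """Model the article's firewall: LAN traffic to its own public address is dropped."""
    return addr is not None and addr not in FIREWALL_PUBLIC_ADDRS


def names_missing_internally(internal_zones, external_zones):
    """List external names that LAN users can no longer resolve."""
    missing = []
    for zone, records in external_zones.items():
        if zone in internal_zones:
            for host in records:
                if host not in internal_zones[zone]:
                    missing.append(f"{host}.{zone}")
    return sorted(missing)


if __name__ == "__main__":
    for label, zones in (("before", INTERNAL_BEFORE), ("after", INTERNAL_AFTER)):
        for name in ("www.mydomain.com", "mail.mydomain.com"):
            status, addr = resolve_from_lan(zones, name)
            result = "loads" if loads_from_lan(addr) else "fails"
            print(label, name, status, addr, result)
    print("add internally:", names_missing_internally(INTERNAL_AFTER, EXTERNAL_ZONES))
```

Every name that names_missing_internally reports needs its own record in the internal zone before LAN users can reach it again.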
Master identities in your SharePoint sites with ADFS
and other technologies

STEVE RILEY
Senior security strategist in Microsoft's
Computing Group
MICROSOFT

MARK MINASI
Best-selling author, popular technology columnist, commentator

SCOTT GUTHRIE
Corporate Vice President, .NET Developer Division
MICROSOFT

THOMAS RIZZO
Director in the SharePoint group
MICROSOFT
Make CONNECTIONS the CONFERENCE
you bring your whole team to this year! 

As a Connections attendee, you and your colleagues can attend all of the Connections 
shows, and cross between all of the sessions, at the same time for the same price. 


[Logos of the co-located shows, including Microsoft Exchange Connections 2008, Unified Communications Connections 2008, Microsoft ASP.NET Connections, Windows Connections 2008, SharePoint Connections 2008 and DotNetNuke OpenForce 08]


A sample of the technologies and products you can learn about this November in Las Vegas: 


■ AJAX 

■ .NET Task Parallel Library 

■ Active Directory Configuration 

■ ADFS 

■ ADO.NET

■ ADO.NET Data Services

■ Analysis Server 

■ ASP.NET MVC Framework 

■ Cascading Style Sheets (CSS) 

■ ClickOnce 

■ Continuous Replication 

■ Data Control 

■ Data Protection Manager 

■ Deploying Windows Server 2008 PKI 

■ DotNetNuke 

■ Enterprise Library Data Access 
Application Block (DAAB) 

■ Entity Data Model 

■ Entity Framework 

■ Exchange Server 2007 


■ Expression Blend 

■ Group Policy 

■ Hyper-V 

■ Identity Lifecycle Manager 

■ IIS 7 

■ InfoPath 

■ Integration Services 2008 

■ IPv6 

■ JavaScript Object Notation (JSON) 

■ jQuery 

■ Language Integrated Query (LINQ)

■ LoadGen 

■ Membership Services 

■ Microsoft Identity Lifecycle 

■ Microsoft Synchronization Services 

■ Office Communications Server 

■ Parallel Language Integrated Query 
(PLINQ) 

■ PerformancePoint Server 

■ PowerShell 


■ Property Builders 

■ Report Center 

■ Search Server 2008 

■ Service-Oriented Architecture (SOA) 

■ Silverlight 

■ SQL Server 2008 

■ SQL Server Compact Edition 

■ SQL Server Reporting Services (SSRS) 

■ Storage Technologies 

■ System Center Configuration Manager 

■ UC Devices 

■ Unified Messaging 

■ Virtualization 

■ Visual Studio Team System Database Edition 

■ Windows Communication Foundation (WCF) 

■ Windows Deployment Services 

■ Windows Presentation Foundation (WPF) 

■ Windows Server 2008 Server Core 

■ Windows Workflow Foundation (WF) 

■ XAML 

■ XML 


Bring a Friend! 



■ Cross over between all co-located sessions 
for FREE! 

■ Spread your team out across several sessions to 
learn more, or bring them all together so they're 
all hearing the same thing at the same time. 

It's completely flexible! 

■ Experience Las Vegas with your friends! 


Register individuals from one company at the same time 
and receive a group discount. 


1-3 registrants: $1,495 per person
Additional registrants after the 3rd (4th, 5th, 6th...): $1,295 per person ($200 off each)


Call 800-438-6720 to take advantage of group 
discount pricing. 


REGISTER TODAY ■ 800-505-1201 ■ 203-268-3204 
PRE-CONFERENCE


NOVEMBER 9, 2008 

PRE-CONFERENCE 2-DAY WORKSHOP • 9AM-4PM • WINDOWS TRACK 

AUTOMATING IT OPERATIONS BY USING WINDOWS 
POWERSHELL - DAY 1 (Bring Your Own Laptop) 

DON JONES 

Don Jones, the industry's most experienced Windows PowerShell instructor 
and 5-year recipient of Microsoft's MVP Award, teaches you to put Windows 
PowerShell to practical use in two full days of hands-on, practical instruction. 
You'll learn about the "PowerShell Way Of Doing Things," including its cmdlets 
and unique pipeline, and you'll learn how to use PowerShell's simplified, 14-keyword
scripting language to automate your organization's own business
processes. You'll focus on real-world administrative tasks that utilize Active 
Directory, Windows Management Instrumentation, and more. This is an 
intense session, and while it requires no previous Windows PowerShell experience,
you should bring significant Windows administration experience and be
prepared to learn fast and work hard. This workshop is exclusive to Windows 
Connections and cannot be found elsewhere. This is a two-day hands-on 
workshop. Bring your own laptop. Your laptop must have Windows PowerShell 
installed and you must have full Administrator privileges. To fully participate, 
you must also be running a virtual machine that contains a Windows 2003 or 
2008 domain controller, in a standalone test domain, and that you have both 
Windows PowerShell and the AD Management Shell cmdlets (free from 
www.quest.com/powershell) installed inside the virtual machine. For full session
system requirements visit http://preview.tinyurl.com/45rju3.

PRE-CONFERENCE WORKSHOP • 9AM-4PM • EXCHANGE TRACK 

U-FIX-IT: TROUBLESHOOTING EXCHANGE SERVER 2007 
(Bring Your Own Laptop) 

PETER O'DOWD 

This intensive one-day troubleshooting workshop is essential for IT and 
Exchange administrators who want hands-on experience troubleshooting databases,
message flow, and performance in a lab environment. Exchange expert
and MVP Peter O'Dowd will walk you through the process of identifying and solving
problems using a wide range of tools and techniques. On your laptop, you'll
perform virtual hands-on labs developed by Wadeware® that simulate problems, 
and then walk through the process of troubleshooting and solving them. Attend 
this full-day workshop to better understand Exchange database architecture and 
gain knowledge necessary to recover and support your Exchange Server 2007 
system. NOTE: The laptop you bring MUST have at least 2GB of memory, 15GB free 
disk space, and should have an optical drive capable of reading a dual-layer DVD. 

NOVEMBER 10, 2008 

PRE-CONFERENCE 2-DAY WORKSHOP • 9AM-4PM • WINDOWS TRACK 

AUTOMATING IT OPERATIONS BY USING WINDOWS 
POWERSHELL - DAY 2 (Bring Your Own Laptop) 

DON JONES 

See abstract above. 

PRE-CONFERENCE WORKSHOP • 9AM-4PM • EXCHANGE TRACK 

WALK IN THE PARK: MICROSOFT EXCHANGE 2007 HANDS-ON LABS 
(Bring Your Own Laptop) 

PETER O'DOWD 

Come take a six-hour guided tour of Exchange Server 2007 and see for yourself
the next evolution of the world's most powerful messaging system.


Experience the new Management Console, the five new server roles, e-mail 
policy enforcement and compliance, powerful new scripting tools, new architecture,
new high availability and disaster recovery features, new mailbox
features, and methods for migrating from earlier versions of Exchange. In 
this information-packed day with Exchange expert and MVP Peter O'Dowd, 
you'll get hands-on experience with Exchange Server 2007 using your laptop 
to walk through several labs developed by Wadeware®. NOTE: The laptop you
bring MUST have at least 2GB of memory, 15GB free disk space, and should 
have an optical drive capable of reading a dual-layer DVD. 

PRE-CONFERENCE WORKSHOP • 9AM-12PM • WINDOWS TRACK 

GROUP POLICY FUNDAMENTALS, SECURITY, AND CONTROL 
JEREMY MOSKOWITZ 

Group Policy is the most efficient way to manage desktops in a Windows environment.
If you are still running to machines to install and configure desktops,
you are not taking full advantage of the power of Group Policy. In this
practical workshop, Jeremy Moskowitz will help you gain control of your environment
and get your life back. This is the perfect workshop to take before
doing "deep dives" into the main sessions of the conference. You'll get a little 
bit of everything: deployment, configuration, control, and security! We'll warm 
up with some Group Policy basics. Then, you'll learn how to get your XP and 
Vista client machines up and running with some new set up options. After 
your machines are up and running, Jeremy will show you how to manage 
your environment with GPOs. You'll get some "solid base hits" to ensure you 
can go back to work with some good ideas you can immediately put to use. 
For instance, learn how to zap printers down to your computers, and remotely 
deploy software to your users' desktops, and learn how to use Group Policy to 
secure collections of machines. You'll also get a sneak-peek at the Group 
Policy Preferences, the newest Microsoft technology that's 100% free-and it 
will get you out of login-script hell. We'll examine how Group Policy can do 
the heavy lifting to the jobs you want to do! This session has both XP and 
Vista content. (NOTE: Some material is repeated in Jeremy's regular sessions as reinforcement.) 

PRE-CONFERENCE WORKSHOP • 1PM-4PM • WINDOWS TRACK 

VIRTUALIZATION: A REAL-WORLD JUMP START 

ALAN SUGANO 

Virtualization is one of the hot topics this year. With significant increases in 
performance of the current generation of server hardware with quad-core 
processors, high memory capacity, and Serial Attached SCSI (SAS) drives, 
much of the processing power on a server goes unused. Virtualization allows 
you to take advantage of this processing power by running several virtualized 
servers on one physical host. If you're considering virtualization and are new 
to this technology, this workshop will get you up to speed. You'll learn about 
the following topics: 

■ Virtualization hardware. Server processors, memory and hard drive 
configurations. Optimization of the hardware and the virtual environment
for the best virtual guest performance. Running the x64 platform
for virtual hosts and guests. 

■ Virtualization software (Virtual Server 2005, VMware Server, ESX Server). 

■ Backup strategies of virtual servers. 

■ Virtualization and high availability. Learn about the high availability 
solutions from Microsoft and VMware in the virtual server environment. 

■ Virtual guest limitations and how to determine if virtualization is a good 
fit for your application. 
PRE-CONFERENCE WORKSHOP • 9AM-4PM • SHAREPOINT TRACK

SHAREPOINT SERVER 2007 DOCUMENT MANAGEMENT 
BEST PRACTICES 
BEN CURRY 

Document management is the process of applying creation, management, 
storage and other rules to how documents are created, persisted and expired 
within an organization. Document collaboration is merely the process of 
checking out, checking in, and versioning a document before it is published. 
Windows SharePoint Services gives you document collaboration whereas
SharePoint Server 2007 gives you document management. Records management
encompasses all of that which is document management plus it applies
to a broader set of content elements-not just documents. Any electronic 
record, such as a list item or log entry, can be managed as well in SharePoint 
Server 2007 if there is a need to do so. Managing these documents involves 
workflows, templates, expiration policies, and integration with the Microsoft 
Office suite. This workshop will cover the following: 

1. Creating and managing Web applications for document collaboration 

a. Content database planning and management 

b. Information architecture 

c. Site directory 

2. Creating and managing document libraries from an 
administrator's perspective 

3. Creating and managing large lists for performance using indexed 
columns and folders 

4. Integration with third-party products and Microsoft Outlook 2007 

5. An overview of using Workflows for business processes 

6. Leveraging content types for document management 

a. Templates 

b. Expiration 

c. Metadata collection via site columns and document information panels 

d. Workflows 

7. Replacing file shares with SharePoint (or why not to) 

8. Configuring document repositories for search and findability 

9. Managing documents from multiple locations 

10. Creating and managing a records repository 

11. Understanding and using the Recycle Bin for item recovery 

PRE-CONFERENCE WORKSHOP • 9AM-4PM 

PLATFORM EXTENSION MODEL FOR SHAREPOINT PRODUCTS 
AND TECHNOLOGIES 
MICHAEL HERMAN 

The goal of the Platform Extension Model for SharePoint Products and 
Technologies is to help architects and project planners understand how best 
to map their solution requirements with the ITB (In The Box) features of the 
SharePoint platform to minimize the amount of custom coding and maximize 
the amount of solution development through configuration (solution composability).
The SharePoint Feature Dependency Network is also introduced.


POST-CONFERENCE 


POST-CONFERENCE WORKSHOP • 9AM-4PM • WINDOWS TRACK 

REIMAGINING WINDOWS ADMINISTRATION: 

THE CONNECTIONS CAPSTONE 
DAN HOLME 

Find out why this workshop, revised for Windows Server 2008 and Windows 
Vista, is consistently rated as a "best of breed" session. From his work with 
dozens of Fortune-caliber enterprises, Dan Holme has amassed a wealth of 
experience and expertise-solutions which enable you to deliver real-world
administrative best practices within the constraints of real-world budgets and
technologies. This workshop will enable you to design and implement 21st century
best practices for Windows and Active Directory administration so you can
work SMART: Secure, Managed, Automated, Responsive and Trustworthy.

Role-Based Management Extreme Makeover. You will discover how to implement
role-based management, in which users are defined by their business roles
and where resource access and configuration are instantly, accurately, and
auditably applied. Empower your enterprise to enable a documented,
auditable structure for resource security, asset management, and more.

Advanced Active Directory & Administrative Delegation: Rethink the way you delegate
and manage administrative tasks by applying concepts of role-based management
and least privilege to administrators themselves. Learn what you
can do to lock down and provision AD, client, and server administration and
to create an effective administrative hierarchy.

Provisioning And Proxying: You have the technology. Your business has processes. 
But too commonly they are not aligned. Learn how concepts of provisioning 
and proxying can enable you to support business processes through easy-to-implement
solutions for scenarios including user management, new and
replaced computers, and group membership tracking, to name a few. 

This workshop will be invaluable for companies wanting to maximize their 
investment in their Windows infrastructure, and a perfect capstone to your 
Connections experience. 

POST-CONFERENCE WORKSHOP • 9AM-4PM • EXCHANGE TRACK 

WALK IN THE PARK: OFFICE COMMUNICATIONS SERVER HANDS-ON
LABS (Bring Your Own Laptop)

THOMAS FOREMAN 

Come take a six-hour guided tour of Office Communications Server (OCS)
2007 and see for yourself the latest Microsoft Unified Communications product.
Much, much more than Instant Messaging, Office Communications Server
provides text, web conferencing, and Voice over IP solutions that allow you to
change the way your organization communicates. We'll install and configure
OCS 2007, demonstrate Office Communicator 2007 and Live Meeting 2007,
configure and integrate OCS 2007 with Exchange Server 2007 Unified
Messaging, and configure and use Communicator Web Access. In this information-packed
day, you'll use your laptop to walk through several hands-on labs
developed by Wadeware® with OCS expert MVP Thomas Foreman.

NOTE: The laptop you bring MUST have at least 2 gig of memory (4 GB recommended), 20 GB free 
disk space, an optical drive capable of reading a dual-layer DVD, and a headset with microphone. 

POST-CONFERENCE WORKSHOP • 9AM-4PM • SHAREPOINT TRACK 

THE SHAREPOINT DEVELOPER, DESIGNER, AND POWER USER 
GAME SHOW 
DUSTIN MILLER 

During the SharePoint Developer, Designer, and Power User Game Show, you'll 
learn the right way and the wrong way to develop custom solutions, design 
master pages and themes, and customize your site with tools like SharePoint 
Designer. This post-con workshop is designed to appeal to developers, Web
designers, and even "power users" who want to know how best to take
advantage of SharePoint as a platform for collaboration and development.
While there will be some focused discussions involving topics like .NET
coding, master page and page layout design, and data view Web parts, the 
workshop will include sample code and ideas for every attendee, and is 
designed to allow everyone to take away something useful and powerful for 
their own SharePoint projects, no matter what their role. While there won't be 
lab assignments during this session, written labs will be provided to each 
attendee via an online site exclusive to this post-con workshop. Plus: It's a 
game show! Plan to have fun and maybe even win some prizes! 
MICROSOFT EXCHANGE

MICROSOFT DAY

THE FOLLOWING SESSIONS WILL ALL BE PRESENTED
BY SPEAKERS FROM MICROSOFT.

MICROSOFT EXCHANGE SESSIONS

WINDOWS SERVER 2008 HYPER-V AND MICROSOFT EXCHANGE
SERVER 2007 SP1
MICROSOFT

HOW MICROSOFT IT DESIGNED AND DEPLOYED THE EDGE
TRANSPORT SERVERS TO PROTECT THE MESSAGING
ENVIRONMENT
MICROSOFT

GOING BIG! DEPLOYING LARGE MAILBOXES WITH MICROSOFT
EXCHANGE SERVER 2007 WITHOUT BREAKING THE BANK
MICROSOFT

ADVANCED TROUBLESHOOTING STRATEGIES FOR MICROSOFT
EXCHANGE SERVER 2007
MICROSOFT

EAS AND OWA FOR MICROSOFT EXCHANGE SERVER 2007 SP1
MICROSOFT

MICROSOFT EXCHANGE SERVER 2007 SP1 ARCHITECTURE AND
DESIGN IN MICROSOFT IT
MICROSOFT

UNIFIED COMMUNICATIONS SESSIONS

PLANNING VOICE ARCHITECTURE AND DEPLOYMENT IN
MICROSOFT OFFICE COMMUNICATIONS SERVER 2007
MICROSOFT

MICROSOFT OFFICE COMMUNICATOR 2007 INTERNALS AND
TROUBLESHOOTING
MICROSOFT



SUNDAY, NOVEMBER 9, 2008
7:30am - 12:00pm: Pre-Conference Registration ONLY
9:00am - 4:00pm: Pre-conference Workshops

MONDAY, NOVEMBER 10, 2008
7:00am - 5:00pm: Conference Registration
9:00am - 4:00pm: Pre-conference Workshops
6:30pm - 8:30pm: Opening Keynote

TUESDAY, NOVEMBER 11, 2008 • MICROSOFT DAY
7:00am - 5:00pm: Conference Registration
7:00am - 8:00am: Continental Breakfast
8:00am - 9:00am: Keynote
9:30am - 10:30am: Conference Sessions
10:45am - 11:45am: Conference Sessions
11:45am - 1:30pm: Lunch
1:30pm - 2:30pm: Conference Sessions
2:45pm - 3:45pm: Conference Sessions
5:00pm - 7:00pm: Expo Hall Opens/Reception

WEDNESDAY, NOVEMBER 12, 2008
7:00am - 5:00pm: Conference Registration
7:00am - 8:00am: Continental Breakfast
8:00am - 9:15am: Conference Sessions
10:00am - 11:15am: Conference Sessions
11:30am - 12:45pm: Conference Sessions
12:45pm - 2:15pm: Lunch
2:15pm - 3:30pm: Conference Sessions
4:15pm - 5:30pm: Conference Sessions

THURSDAY, NOVEMBER 13, 2008
7:00am - 8:00am: Continental Breakfast
8:00am - 9:15am: Conference Sessions
9:30am - 10:45am: Conference Sessions
11:30am - 12:30pm: Conference Sessions
12:30pm - 2:15pm: Lunch
2:15pm: Expo Hall Closes
2:15pm - 3:15pm: Conference Sessions
3:45pm - 4:30pm: Closing Session

FRIDAY, NOVEMBER 14, 2008
9:00am - 4:00pm: Post-conference Workshops

TUESDAY, NOVEMBER 11: "WOMEN IN TECHNOLOGY" LUNCHEON
SEE WEB SITE FOR DETAILS.
EXCHANGE


EXC01: DESIGN VALIDATION USING 
JETSTRESS AND LOADGEN 
JUERGEN HASSLAUER 

You just finished the design concept of your new
Exchange Server 2007 environment. Are you confident
that it will fulfill the requirements of your
users? Are you sure that the latency of the storage
subsystem is within the supportability boundaries
defined by Microsoft? How can you verify if
your Client Access Server is able to handle the
predicted number of concurrent connections from
your mobile workforce using Outlook Web Access
and Outlook Anywhere? This session discusses
how you can use Jetstress to test the storage
subsystem. You will learn how to use LoadGen to
simulate users accessing the Exchange environment
with different protocols. This will enable you
to validate your design and be confident that you
can identify issues before you move the Exchange
environment to production.

EXC02: EXCHANGE SERVER 2007 
CONTINUOUS REPLICATION 

JUERGEN HASSLAUER 

Exchange Server 2007 supports continuous data 
replication and enables administrators to create a 
second copy of the data stored in the information 
store. This session discusses Local Continuous 
Replication (LCR), Cluster Continuous Replication 
(CCR), and Standby Continuous Replication (SCR). 
You will learn how you can use these built-in 
application replication methods for geographically
dispersed deployments. This session will help
you to make an informed decision about when to 
use LCR, CCR, SCR, or a traditional storage-based 
replication solution from a third-party vendor. 

EXC03: EXCHANGE MAILBOX 
SERVER SIZING 
JUERGEN HASSLAUER 

Exchange Server 2007 is now a 64-bit application
and it removed the scalability boundaries of its 32-bit
predecessor. No more kernel memory limits and
heavily reduced storage performance requirements.
Can I now host 10,000 users with 2 GB mailboxes on
one mailbox server? Should I give back my expensive
SAN array and buy a few, cheap, large-capacity
disks for a direct attached storage box? Continuous
Replication looks great, should I now drop the best
practice to run daily full backups and put all my
faith in the database replica? This session provides
answers to these questions that come up in
Exchange Server 2007 migration. This session discusses
rules of thumb for sizing your Exchange
servers and shares the findings from production
deployments in corporate environments.


EXC04: EXCHANGE 2007 DUAL-SITE 
DISASTER RECOVERY 
DAVE BANTHORPE 

Exchange 2007 has brought a new routing model
to messaging deployments, one that relies on the
Active Directory site topology. In many cases this
may not present any issues to you, but what happens
in a disaster recovery scenario? As an
Exchange administrator what do you need to do to
get mail flowing again? This session looks at a typical
hub-spoke AD site design where the central
hub services are split across two main datacenters
for disaster recovery purposes. It looks at what
happens to mail flow in various failure scenarios
for both Hub and Edge Transport services and at
what intervention is required to get mail flowing
again. It will also take a look at what impact this
has on public folder replication for Free/Busy and
Offline address books for Outlook 2003 clients.

EXC28: EXCHANGE AT HALF THE PRICE!- 
OPTIMIZING YOUR EMAIL INFRASTRUCTURE 
USING CONSOLIDATION AND 
VIRTUALIZATION 
FRANK WRUBEL 

Microsoft Exchange Server 2007 has been significantly
enhanced to utilize x64 technology and take
advantage of increased memory. This enables
greater scalability, increased functionality and
improved performance compared to previous
releases. In order to best take advantage of this
performance, and minimize investment that may
be required, a new perspective on underlying infrastructure
may be in order. Considering an alternative
to the business-as-usual approach is particularly
apt at a time when new (x64) server investment
is required by most and when organizational
communications is evolving so rapidly.

In this session we will discuss work that has been
done to test the limits of Exchange 2007 using various
consolidation methodologies and virtualization
technologies, with a particular emphasis on bottom
line results/savings. The objective of this effort has
been to increase the utilization of large scale enterprise
class email environment assets and to reduce
the cost to organization while increasing the security,
resilience, and responsiveness to changing end-user
and organizational needs.

EXC07: DATABASE PORTABILITY- 
HA WITHOUT CLUSTERS 
ROBERT DAWSON 

Do you have a need for High Availability? Is clustering
not an option due to resources, training,
or complexity? Database portability can help. In 
just a few minutes more than the time it takes to 
recover your database from backup, you can 
have your Exchange Mailboxes back online and 
fully functional. 


EXC08: MIGRATION TO EXCHANGE 2007: 
THE FRONT END 

ROBERT DAWSON 

If you have a front-end/back-end scenario and 
want to move to or coexist Exchange 2007 and 
Exchange 2003, this seminar is for you. The 
instructor will go over coexistence strategy and 
which steps to take at what time. You will also 
learn to set up your new front-end servers in a 
multiple site, single URL environment, using ISA 
to proxy and load balance your server farm. You 
can do all of this without large interruptions and 
re-education to the end-user community. 

EXC09: USING ARCHIVING SOLUTIONS 
TO IMPROVE EXCHANGE OPERATIONAL 
EFFECTIVENESS 

KIERAN MCCORRY 

Using an archiving product can reap significant 
benefits for the operational effectiveness of your 
e-mail system. This case-study based session will 
describe possible architectural solutions and 
benefits from implementing such solutions 
alongside your Exchange environment. 

EXC10: EXCHANGE 2007 AND WINDOWS 
2008: BACKUPS THE EASY WAY 
MICHAEL B. SMITH 

Server 2008 removed the venerable ntbackup and 
replaced it with Windows Server Backup; which 
lacks the capability of generating backups and 
restores for Exchange. Until now, you've only had 
the option of acquiring a third-party backup solution.
I'll show you how to do your backups with
VSS and restore them. With just a little PowerShell 
scripting and help from the Windows Server SDK, 
you can replace all the functionality of ntbackup. 

EXC11: SMALL-AND-MEDIUM ORGANIZATION 
EXCHANGE SERVER OPERATIONS 
MICHAEL B. SMITH 

Once you've configured Exchange Server, it just 
sits there and hums along. But you, the Exchange 
administrator, need to be taking proactive interest 
in monitoring your Exchange server. This session 
discusses the "must do" monitoring and how to do 
this inexpensively. This will include a PowerShell 
script that can get this information for you. 

EXC12: QUICKTEST: BUILDING AN 
EXCHANGE TEST ENVIRONMENT IN A HURRY 
MICHAEL B. SMITH 

This session discusses building an Exchange Server 
(and client!) test environment based on virtualization.
This session will use Virtual PC 2007, but the
concepts are applicable to Hyper-V and VMware. 


SESSIONS AND SPEAKERS ARE SUBJECT TO CHANGE. SEE WEB SITE FOR UPDATES AND ADDITIONAL SESSIONS. 
MICROSOFT EXCHANGE

SESSIONS 


EXC13: SCMDM AND EXCHANGE: 

IS THERE ROOM FOR BOTH? 

PATRICK SALMON 

Like Exchange, SCMDM 2008 has numerous policies
which the administrator can apply to the
Windows Mobile device. At first glance it may
appear that there's considerable overlap, thus
making it hard for the decision-maker to make
the best choice for their organization. This session
is aimed at the Architect, designer, and
implementer who is looking to put the best 
solution in place for their organization and will 
highlight the differences and commonalities 
between both products. 

EXC14: FITTING SCMDM INTO YOUR 
EXCHANGE ENVIRONMENT 

PATRICK SALMON 

Exchange is the "quick hit" Line of Business (LoB) 
application for SCMDM. Most customers when discussing
provisioning, supporting, and managing
Windows Mobile in the enterprise will look to
Exchange as being the primary application that
they'll want to make available to their Windows
Mobile community. This session is aimed at
covering the key issues when it comes to planning,
deploying, and scaling SCMDM in order
to successfully integrate it with Exchange in 
your environment. 

EXC17: VIRTUALIZING EXCHANGE 
DEVIN GANGER 

With the release of Hyper-V for Windows Server 
2008 and System Center Virtual Machine 
Manager, Microsoft has put serious virtualization 
technology on the table. But does it make sense 
to have a virtualized Exchange deployment? 

This session will look at the various benefits, 
limitations, and challenges of deploying 
Exchange in a virtual environment. How will it 
affect licensing, storage design, backup and 
recovery, and support? 

EXC18: EXCHANGE PROTECTION USING 
DATA PROTECTION MANAGER 

DEVIN GANGER 

Backing up and restoring Exchange servers is an 
essential part of keeping your messaging infrastructure
up and running, but it's often a source
of pain. Why should you consider using Microsoft
System Center Data Protection Manager 2007 to
protect your Exchange servers and clusters? What
configurations are supported and what limitations
does this place on your Exchange design? This
session covers protecting Exchange 2003 and
2007 servers and clustered environments, including
the new Exchange 2007 replication options.


EXC20: TRANSPORT RULES:
EXCHANGE 2007'S KILLER FEATURE?
WILLIAM LEFKOVICS 

Remember back when your boss/CIO/clients wanted
to do something simple like add a disclaimer to
certain messages or prepend text to the message
subject line and your answer was... "We need a
third-party product or an Event Sink programmer?"
Exchange 2007 Transport Rules for some
represent the killer feature in the latest version of 
Exchange Server. This session walks you through 
the transport rules interface, discusses transport 
agent architecture, and creates some transport 
rules including the use of Message Classifications 
in creating Ethical Walls within the organization. 

EXC21: DEFENSE IN DEPTH WITH 
EXCHANGE EDGE SERVICES 
WILLIAM LEFKOVICS 

This session walks you through the layers of anti-spam
protection available within Microsoft
Exchange Server 2007 out of the box and discusses
the importance of eliminating undesirable content
as early as possible in the SMTP conversation.
The session will cover importing settings
from Exchange 2003 and different mechanisms 
for applying settings to multiple Edge Servers. 

EXC22: I WISH I HAD KNOWN...
EXCHANGE 2007 UPGRADE LESSONS 
FROM THE FIELD 

JIM MCBEE 

Get practical advice and experiences to help prepare
you for Exchange Server 2007. Exchange
Server 2007 has been out now for two years but
only now are many organizations moving forward
with plans to upgrade. This overview session covers
many of the common problems and their solutions
that early adopters have experienced when
moving from Exchange Server 2000/2003 to 
Exchange Server 2007. Even if you are not ready to 
upgrade yet, you will take away a checklist of 
things you can do to help get you prepared. 

EXC23: YOU CAN TAKE IT WITH YOU... 
TAKING ADVANTAGE OF EXCHANGE 2007 
DATABASE PORTABILITY 
JIM MCBEE 

This intermediate level session examines the new 
Exchange Server 2007 database portability feature
that allows a database to be moved to a different
Exchange 2007 server. The session looks
at copying databases to another server in the 
same organization, using Standby Continuous 
Replication, Move-Mailbox options, and moving a 
database to a new organization entirely. 


EXC24: AMAZE YOUR FRIENDS AND 
USERS WITH GLOBAL ADDRESS LIST 
TIPS AND TRICKS 
JIM MCBEE 

For most organizations with Exchange, the Global
Address List (GAL) becomes your company's corporate
phone directory. Most Exchange administrators
don't realize that you can further customize
the GAL and do some very simple things
that will make this resource even more valuable
for your users. This intermediate level session
takes a look at some things you can do to customize
the GAL including creating address lists,
customizing details templates, defining
"resource" objects, and creating a naming standard
that helps with sorting.

EXC25: POWERSHELL 101 

PAUL ROBICHAUX 

The Exchange Management Shell (EMS) is a key part 
of the Exchange 2007 experience. What if you're not 
a scripter? Don't worry; you can still get plenty 
done with EMS after just a little learning. This session
covers the basics of what you need to know
about how EMS works and what you can do with it. 

EXC27: WHAT'S NEW IN EXCHANGE? 
PAUL ROBICHAUX 

This session gives an overview of the most noteworthy
new features and enhancements for E14
(Exchange v14) that you should know about. 


UNIFIED COMMUNICATIONS 


EXC05: INTEGRATING EXCHANGE 
UNIFIED MESSAGING WITH OFFICE 
COMMUNICATIONS SERVER 2007 
DAVE BANTHORPE 

Office Communications Server 2007 and the 
Unified Messaging server role in Exchange 2007 
form the core components of the Microsoft Unified 
Communications story. The Exchange 2007 Unified 
Messaging role provides the ability to store voicemail
and fax data in the same inbox as your email.
But how can you leverage the Unified Messaging
role with your Office Communications Server infrastructure?
This session looks at the integration of
these two components and provides guidance on 
how and where they should be deployed. 

EXC06: MANAGING AND MONITORING 
MICROSOFT UNIFIED COMMUNICATIONS 
ENVIRONMENTS 
DAVE BANTHORPE 

Office Communications Server 2007 and the 
Unified Messaging server role in Exchange 2007 
form the core components of the Microsoft Unified 
Communications story. The management and monitoring
of voice-related traffic presents a different
set of challenges to the IT administrator than those 
with e-mail. E-mail delivery times are relatively 
easy to report on, but what should you look for in 
voice traffic? How is the data collected and what 
do you do with it? This session looks at the 
Microsoft tools (QMS, QoE, etc.) available to you, 
how they integrate into the solution, and what features
they provide.

EXC15: SECURITY LESSONS LEARNED FOR 
OCS, EXCHANGE, AND SCMDM DEPLOYMENT
PATRICK SALMON 

While taken from the numerous challenging customer
scenarios encountered during the SCMDM
2008 TAP, the lessons shared here are equally
applicable for those deploying OCS and Exchange
Edge servers into the perimeter network. The
hardest part of working with any security team is
getting a Windows Server 2003 server into this
exposed and potentially high-risk zone. This session
is aimed at helping you, as someone tasked
with equal responsibility for protecting the 
enterprise, to work with security, networking, and 
firewall professionals on the basis of presenting 
them with solutions instead of challenges. 


A CONFERENCE PUBLICATION 



My Win Connections 

magazine 


A conference is about community and we 
want to keep our community connected 
between shows. 


Our new magazine gives you a chance to: 

> Read articles from some of our 
speakers on their hottest 
sessions at the show 

> Check out the on-site 
interviews with speakers 
and attendees 


> Stay connected to the cool friends 
you met at the show 


The magazine will be published a few weeks after each conference. 
We’ll send you a link when it is hot off the (virtual) presses! 


www.WinConnections.com/IT mag 

EVERY ATTENDEE RECEIVES 


A one-year subscription to 



EXC16: THE COLLABORATION BLENDER 

DEVIN GANGER 

Exchange Server, SharePoint Services, and Outlook 
all have well-defined core capabilities. However, 
they also have a lot of interaction points and overlapping
features. What types of content should I
put in Exchange, what should I put in SharePoint,
and how do you make them work together? This
session will examine how to integrate Exchange
and SharePoint together to provide a better user-facing
experience in Outlook.

EXC19: THE UC DEVICE STORY 
LEE MACKEY 

This session will cover all of the UC devices from 
Microsoft, Jabra, Polycom, LG Nortels, and others 
that are used today for OCS and Exchange. The session
will go over the different scenarios where they
are best deployed, as well as walking through configurations
for users. It will also go through the pitfalls
of the current Update Server from Microsoft
and how it's deployed. Currently the Update Server 
has challenges for an Enterprise deployment and 
when considering deploying UC Devices, it's critical 
to know the pitfalls of installing. 

EXC26: EXCHANGE ONLINE 
PAUL ROBICHAUX 

Come find out the latest information on 
Microsoft's plans for hosting Exchange and Office 
Communications Server. 


Three Lunches 

Three Continental Breakfasts 
Reception 

Proceedings Resource CD 
Conference T-Shirt and Bag 
...and more 


HARLEY-DAVIDSON GIVEAWAY 




Enter to 


The winner will 


drive one home! 


REGISTER TODAY ■ 800-505-1201 ■ 203-268-3204 
WINDOWS

MICROSOFT DAY 



THE FOLLOWING SESSIONS WILL ALL BE PRESENTED BY SPEAKERS FROM MICROSOFT. 


NETWORK ACCESS PROTECTION OVERVIEW 
MICROSOFT 

Network Access Protection (NAP) is a policy enforcement platform built into 
Windows Vista and Windows Server 2008 that allows you to better protect 
your private network by enforcing compliance with computer health requirements.
For example, a firewall must be installed and enabled and the latest
operating system updates must be installed. With NAP, you can create customized
health requirement policies to validate computer health before allowing
network access or communication, automatically update compliant computers
to ensure ongoing compliance, and optionally confine noncompliant
computers to a restricted network until they become compliant. 

APPLICATION VIRTUALIZATION MANAGEMENT: THE ENTERPRISE 
OF THE FUTURE USING MICROSOFT SYSTEM CENTER 
CONFIGURATION MANAGER 2007 R2 AND MICROSOFT SOFTGRID 
MICROSOFT 

The release of System Center Configuration Manager 2007 has brought strong 
improvements and new capabilities to the enterprise for software distribution. 
In addition, Microsoft Application Virtualization (Formerly SoftGrid) has transformed
the way applications are managed and executed. With the release of
System Center Configuration Manager 2007 R2, these two technologies align to 
offer a complete enterprise platform for managing both physical and virtual 
applications. In this session, we cover a technical overview of Application 
Virtualization Management within System Center Configuration Manager R2, 
and through demonstration we cover the new advanced features this capability
brings the modern organization.

DEPLOYING WINDOWS SERVER 2008 HYPER-V AND MICROSOFT 
SYSTEM CENTER VIRTUAL MACHINE MANAGER: BEST PRACTICES 
MICROSOFT 

This session covers the basic process of deploying Hyper-V and VMM in a product
environment and then highlights best practices. The session covers guidance
for bare metal provisioning and fine grained control of Hyper-V. From a
virtualization management perspective, the session covers the management 
architecture and top ten things to do as part of the deployment process. 

MANAGING WINDOWS SERVER UPDATE SERVICES 3.0 SERVERS 
MICROSOFT 

This session provides tips, tricks, and best practices for managing Windows 
Server Update Services (WSUS) 3 (RTM and SP1) servers, including DB maintenance,
cleanup, backup, best practices for deploying updates to desktops and
servers, and extending the functionality of WSUS through PowerShell and SQL 

MICROSOFT FOREFRONT EDGE SECURITY AND ACCESS PRODUCTS: 
WHAT'S NEW WITH ISA SERVER AND THE INTELLIGENT 
APPLICATION GATEWAY AND A SNEAK PEEK AT THE FUTURE!
MICROSOFT 

Internet Security and Acceleration (ISA) Server and the Intelligent Application 
Gateway (IAG) provide critical functionality for the management and security 
of inbound and outbound connections between your enterprise and the 
Internet. Learn about key product capabilities and deployment scenarios, and 
discover the new capabilities delivered in the ISA Server Supportability Update 
(e.g., enhanced troubleshooting, diagnostics, and logging) and IAG Server Pack
1 (e.g., pre-authentication with ADFS, enhanced smart-card support, performance
improvements). We finish out the session with a glimpse into what lies
ahead in the future roadmap for both products. 


TECHNICAL INTRODUCTION TO MICROSOFT SYSTEM CENTER DATA
PROTECTION MANAGER 2007

MICROSOFT 

In this session, we provide an overview of System Center Data Protection 
Manager (DPM) 2007. You will learn how to use DPM to protect primary workloads
(Microsoft SQL Server, Microsoft Exchange, Office SharePoint Server, and
Microsoft Virtual Server) using both near continuous protection to disk and
long term archival to tape. 

WINDOWS SERVER 2008 HYPER-V: SECURITY 
AND BEST PRACTICES 

MICROSOFT 

This session focuses on the security best practices for server virtualization 
and what customers need to do from both a platform and management standpoint
to tighten the security for their virtualization environment. The session
also covers the base architecture of Hyper-V and provides guidance on key 
areas like identity management, network hardening, etc. 

WINDOWS SERVER 2008 TERMINAL SERVER SECURITY 
AND AUTHENTICATION 

MICROSOFT 

Windows Server 2008 introduces many new Terminal Services (TS) capabilities 
that can be used to provide access to applications and data from anywhere. 
This session focuses on securing that connectivity and begins with a look at 
the underlying encryption and authentication options in TS. We then investigate
security best practices for TS Gateway and finally focus on integration
with Forefront Edge products and Network Access Protection. You'll leave the 
session with a strong understanding of how to design secure anywhere access 
solutions on Windows Server 2008 Terminal Services. 


SPONSORSHIP/EXHIBIT INFORMATION 


For sponsorship 
information, contact 

Rod Dunlap 

Tel: 480-917-3527 
E-mail: rod@devconnections.com 

SEE WEB SITE 
FOR MORE DETAILS 
www.WinConnections.com 
BUSINESS


EVERYTHING YOU NEED TO KNOW ABOUT 
STORAGE TECHNOLOGIES BUT WERE 
AFRAID TO ASK 

ALAN SUGANO 

If your company is like most companies, you are 
probably running low on disk space as storage 
hungry applications eat up disk space like contestants
in a pie-eating contest. But what's the
best solution for your company? With the advent 
of newer drive interface technologies like Serial 
Attached SCSI (SAS) and Serial ATA (SATA), there 
is a lot more to choose from when selecting a 
storage solution. This session will cover the storage
basics of locally attached storage, network
attached storage (NAS), just a bunch of disks 
(JBODs), and storage area networks (SANs), what 
they are, where they are typically used, and how 
they fit into a comprehensive storage strategy 
for your company. We'll also look at the
enhancements to Windows Storage Server (WSS) 
that are scheduled to be released with Windows 
Server 2008. 

SQL SERVER ADMINISTRATION FOR THE 
NON-DBA 

ALAN SUGANO 

Ok, so you became the SQL Server DBA by 
default because you were already the network 
administrator. You know that administration of a 
SQL Server can be a scary and difficult task to 
undertake, especially when you're new to SQL 
Server. This session will discuss the basics of 
SQL Server Administration, including backup, 
performance tuning, moving databases, managing
stored procedures, log shipping, database
mirroring, basic security, Windows versus SQL 
Server authentication, connecting to SQL Server 
and monitoring of log files and databases. This 
session will cover the basics of the care and 
feeding of SQL Server to ensure your SQL Server 
will be stable and reliable. 


DEPLOYMENT, GROUP POLICY, 
MANAGEMENT 


DIVE DEEP INTO THE WINDOWS 
AUTOMATED INSTALLATION TOOLKIT 1.1 
RHONDA LAYFIELD 

The WAIK has been out for a while so some of you
may think you've heard it all - this session is for
novices and experts alike. Truly understand how
.WIM files are created and applied, from the metadata
and file data to the hashes that are created
and the compression algorithms used in the new
ImageX utility. Find out what's new in the
Windows Pre-installation environment 2.1.
And, don't miss the Windows System Image
Manager that allows you to create custom .xml
automated installation scripts - there is quite a
learning curve in getting started with this utility.
So, let DDPS Rhonda Layfield, who is one of six
Deployment MVPs in the country, give you the
quick down and dirty on how to get started as
well as address some known issues.

ACTIVE DIRECTORY AND POWERSHELL- 
A MATCH MADE IN HEAVEN 
DARREN MAR-ELIA 

From using the ADSI "adapter" to working with AD 
directly within PowerShell, this session will focus 
on providing tips and techniques for scripting a 
variety of AD management operations using 
PowerShell. We'll show you how you can create 
and edit AD objects and attributes, perform 
searches, and perform advanced management 
tasks against AD using PowerShell. 

DIVE DEEP INTO THE MICROSOFT 
DEPLOYMENT TOOLKIT 
RHONDA LAYFIELD 

If you are new to Microsoft's deployment tools or 
an expert already, this session is for you! The 
Microsoft Deployment Toolkit (MDT, formerly 
known as the BDD) is a simplified way of using 
Microsoft's other deployment tools like ImageX, 
WinPE, and WSIM. It has some cool new features 
like: the powerful task sequencer and new templates
available that give you more control than
ever before of your deployments, and more 
extensive support for deploying Windows Servers, 
including automated role installation using Server 
Manager in Windows Server 2008. And Vista SP1 
has some quirky deployment issues that are alleviated
by the MDT. Let Rhonda Layfield, who is
one of 30 Microsoft Deployment MVPs in the
world, walk you through the improvements and
the pitfalls of lite touch installations and zero
touch installations.

THE SCARY TRUTH ABOUT GROUP POLICY 
DARREN MAR-ELIA 

This session is a highly advanced look at the
internals of Group Policy - how it works at the lowest
levels and how you can bend it to your will.
This session is not for the faint of heart. We will
look deep under the covers of Group Policy storage
and Group Policy processing, and uncover
mysteries such as why some registry policies tattoo
and others don't, why Group Policy sometimes
seems to work and sometimes doesn't, and other 
important secrets that Microsoft won't tell you. 


WHAT KEEPS YOU AWAKE AT NIGHT?
AN AD FUNDAMENTALS CHECKLIST

SEAN DEUBY 

As an IT professional in a time of shrinking budgets,
the top of your to-do list probably involves
fighting fires and getting only the most important
"must-do" items finished. Your AD is running, but
you haven't had time to knock out those important-but-not-urgent
AD configuration tasks. Do
you have backups that really work? If they do, 
what about a tested disaster recovery plan that 
uses them? Do you have a backup copy of your 
DNS configuration? Attend this session to review 
what you've done so far, and time-efficient ways 
to make your AD implementations more secure, 
reliable, and low effort. 

WHAT'S NEW IN GROUP POLICY PART I: 
VISTA, WINDOWS SERVER 2008, THE 
GROUP POLICY PREFERENCES, AND MORE 

JEREMY MOSKOWITZ 

What's new in Group Policy? Short answer: lots. 
With Microsoft releasing Windows Server 2008, 
Windows Vista, an updated GPMC, and the Group 
Policy Preference Extensions, it's like a 
Thanksgiving dinner you get to eat every day! So 
come hear the essential "What every admin 
absolutely needs to know" about Windows Vista 
and Group Policy. Learn why you need a modern 
management station to support the new GPMC. 
Learn how to lock out hardware, zap printers, 
and keep yourself out of trouble with new 
"MLGPOs." See the 21 new "big things" Microsoft 
has gifted to every administrator. Even if you're 
not ready for Windows Vista now, that's okay, you 
positively must come to this session to learn the 
ropes from Jeremy Moskowitz, Group Policy MVP. 
(Note some material is covered in Jeremy's preconference
workshop.)

WHAT'S NEW IN GROUP POLICY PART II: 
TROUBLESHOOTING 

JEREMY MOSKOWITZ 

The beauty of Group Policy changes in Windows 
Vista is not skin deep. There are some basic and 
detailed changes lying under the hood. Jeremy 
Moskowitz, Group Policy MVP of GPanswers.com 
and author of Group Policy Fundamentals, Security, 
and Troubleshooting is just the guy to bring it to 
you. In this session, you'll learn why you can't 
just run gpresult.exe anymore and get the
results you want. You'll discover what happens 
if you reconnect to a network after a long 
absence. You'll learn how to crack open the new 
Vista event log and trace Group Policy flow to 
figure out what might be going on. You'll learn 
how to troubleshoot the new Group Policy 
Preference Extensions. You'll learn how other 
areas, like Offline Files and Group Policy
Software Installation can be tweaked to give
you just the information you need to fix what
ails you. If you're looking for Group Policy
answers to your troubleshooting questions, this
is the session for you.

SESSIONS AND SPEAKERS ARE SUBJECT TO CHANGE. SEE WEB SITE FOR UPDATES AND ADDITIONAL SESSIONS.

WINDOWS DEPLOYMENT SERVICES IN 
SERVER 2008-WOW
RHONDA LAYFIELD 

You may already know WDS replaces the Remote 
Installation Service (RIS), but what you might not 
know is that WDS in Server 2008 is a very useful 
(and free) deployment tool that's well worth taking
the time to understand. WDS lets you create
and store a library of XP, Vista, and Server
2003/2008 file-based images. The images are
delivered to your bare-metal machines using a
new Multicasting protocol - no floppies required.
The new WDS management tools allow administrators
to monitor real-time progress of clients
along with full logging and reporting. No more 
guessing as to which clients received the image 
and which did not and why. Join Rhonda Layfield, 
one of the very few holders of the Desktop 
Deployment Product Specialist Certification and 
one of six Microsoft Deployment MVPs in the U.S., 
who has been using and writing about WDS since 
it shipped in the Windows Automated Installation 
Toolkit in November of 2006. Get the details on 
the new Multicasting protocol along with a look at 
the new TFTP performance enhancements and 
Extensible Firmware Interface (EFI) network boot 
support for x64 systems. Don't miss this session 
with the "Deployment Diva" if you ever plan to 
deploy images in your environment! 


POWERSHELL 


LEARNING TO LOVE POWERSHELL 
DARREN MAR-ELIA 

This session will provide an introductory look at 
this most powerful of Microsoft scripting technologies.
In this session, you'll learn the difference
between a cmdlet, a function, and a script
and how you can create and use each. Most 
importantly, you'll learn what the pipeline is all 
about and how you can leverage it to automate 
any number of administrative tasks. We'll also 
take a spin around learning how to navigate the 
file system and registry using PowerShell's very 
powerful "PSDrive" capabilities. Finally, we'll look 
at some more interesting features, like getting 
access to WMI using PowerShell, to show how you 
can get at a whole world of systems management
capabilities.




SECURITY 


DEEP DIVE INTO DEPLOYING WINDOWS 
SERVER 2008 PKI (TWO-PART SESSION) 

BRIAN KOMAR 

A public key infrastructure (PKI) is a fundamental 
component of an enterprise security strategy. A 
PKI supports and affects logon authentication, 
encryption, application security, and more. In this 
two-part session, exclusive to Windows 
Connections, PKI guru Brian Komar will highlight 
the changes introduced in Windows Server 2008 
that will assist your PKI deployment. The session 
will include integrating Windows 2008 CAs into an 
existing Windows 2003 PKI, upgrading existing 
CAs, and how to implement CA clustering. 

NOTES FROM THE FIELD: DEPLOYING 
MICROSOFT IDENTITY LIFECYCLE 
MANAGER 2007 CERTIFICATE 
MANAGEMENT 

BRIAN KOMAR 

Many organizations are considering deploying 
Identity Lifecycle Manager 2007 Certificate 
Management (aka CLM) to manage their smart 
card deployment. This session brings information 
from MCS engagements where CLM and smart 
cards were deployed. The session highlights what 
lessons were learned by MCS and the customers 
during these deployments including methods of 
increasing security, performance, and meeting 
customer security policies. 

REIMAGINING SECURITY AND 
MANAGEABILITY: WINDOWS SERVER 
2008 FILE SERVER ROLE 
DAN HOLME 

Windows Server 2008 improves on the solid per¬ 
formance and functionality of previous versions 
of Windows file services. Features such as file 
screens, quotas, DFS Namespaces, access-based 
enumeration, and the powerful new Owner Rights 
identity are important pieces of the puzzle. But to 
implement the perfect file server, you need more. 
You need the ability to answer the questions,
"Who has access to this file?" and "What can John
Doe get to?" Get the free tools and scripts you 
need for a more manageable file server. 

STEP-BY-STEP: CREATING A SECURE 
DESKTOP WITH GROUP POLICY 
DARREN MAR-ELIA 

This session focuses on practical guidance for 
using the myriad of security features within 
Group Policy to create a secure desktop configuration.
We will walk through how you can implement
features such as Software Restriction
Policy, Windows Firewall, IPSec, IE security and
related technologies and provide practical advice 
that you can implement in your environment 
right away. 


VIRTUALIZATION 


INCORPORATING VIRTUALIZATION INTO 
DISASTER RECOVERY 

ALAN SUGANO 

A comprehensive Disaster Recovery Plan is something
that every company should have and hopefully
will never have to use. Having a plan in place
that provided a road map to recovery was adequate
in the past, but recent emphasis has been
placed on the speed of the recovery. Sarbanes-Oxley
(SOX) compliance companies must disclose
their business continuity plans and the company's
exposure to a prolonged outage and how it
affects financial reporting. Virtualization can significantly
reduce the recovery time for a major
disaster by providing a warm or hot remote 
recovery site and accelerate workstation and 
server setup. 

MICROSOFT APPLICATION 
VIRTUALIZATION (SOFTGRID) 101 

JEREMY MOSKOWITZ 

Let me guess: your machines just "blow up" now 
and again. And I know why. It's because you have 
a zillion applications on them with a half a zillion 
conflicts and things just "deteriorate" over time. 
Wouldn't it be neat if you could just eliminate that 
problem altogether? Well, with Microsoft 
Application Virtualization, better known as 
Softgrid, you can. It works by "wrapping up" your 
existing software into "sequences," and then putting
them into a virtual sandbox. The upshot?
Your applications aren't running "on" Windows.
They're running within the sandbox. So, no more
desktop deterioration. Oh, and learn how to use
your existing management tool (like Group Policy,
LANDesk, or SCCM 2007) to deploy Softgrid applications
to your existing desktops and servers.
Softgrid is a big place, but come to this session to 
make sure you know the ins and outs before you 
get it in your organization! 

REAL CONTROL FOR YOUR VIRTUAL 
ENVIRONMENT: SYSTEM CENTER VIRTUAL 
MACHINE MANAGER 2008 
SEAN DEUBY 

Managing your virtual machines presents a different
set of challenges than managing physical
servers. Virtual systems move around on different 
physical hosts, they can be quickly provisioned or 
deprovisioned, their large disk images present 
unique management, security, and performance 
challenges. The list goes on. Microsoft's System
Center Virtual Machine Manager (SCVMM) 2008 is
designed to handle all these challenges of managing
virtual systems from both Microsoft and
VMware, from workgroup-sized configurations to
full enterprise deployments. SCVMM 2008 fully
supports Microsoft's Hyper-V virtualization technology,
and Hyper-V functionality will be
reviewed. Check out this session to learn how to 
quickly begin using SCVMM to manage your entire 
virtual environment. 


WINDOWS TECHNOLOGIES 


ACTIVE DIRECTORY DOMAIN SERVICES
DRILL-DOWN

DAN HOLME 

Windows Server 2008 enhances Active Directory 
Domain Services in many ways. Some, like read-only
domain controllers, are highly touted and
well documented. Some, like fine-grained password
policy and directory services auditing, are
highly touted but less well understood. And others,
like subtle changes to functionality of DFS
and new attributes, aren't touted though they
should be! Join Dan Holme, author of Microsoft's
Active Directory exam Training Kit, for a fast-paced,
solutions-focused look at the most important
new features of Windows Server 2008 AD DS.

ADMINISTRATORS' IDOL: THE COOLEST 
SESSION EVER 
DAN HOLME 

OK, the title got your attention at least, right? So 
here's the scoop. From his work with thousands of 
IT professionals, from the CIOs of Fortune companies
to front-line support professionals at the
Olympic games with NBC, Dan has amassed a 
wealth of tricks to boost your productivity as an 
administrator. In this fast-paced session, Dan will 
share how to build truly amazing administrative 
toolsets that extend your reach, automate tedious 
tasks, and enable your entire IT organization to 
work smarter, faster, and more securely. You'll 
learn tricks that will amaze not only your friends 
and coworkers, but yourself as well. 

GOING COLD TURKEY ON THE GUI: 
SERVER CORE STEP BY STEP 

MARK MINASI 

For years you've known it: you've just GOT to get 
more familiar with the command line. You get 
things done faster, you can create simple batch 
files for automating many tasks, and, best of all, 
when you're working from the GUI, then your 
boss starts to think: "Hey, what IS that thing 
he/she's using? We need to pay techie employees
like them more money!" Well, Windows 2008
command-line-only Server Core has arrived, so
here is your opportunity. Mark Minasi walks you
through the process of building a Server Core
server from setup to initial configuration to full-blown
DNS, Active Directory, and more. Every
step includes the specific commands, options, 
and working examples to ease the path from 
"GUI admin" to "command-line ninja!" 

IPV6 FOR THE RELUCTANT: WHAT TO 
KNOW BEFORE YOU TURN OFF V6 (AND 
WHY IT MIGHT GET YOU FIRED) 

MARK MINASI 

Vista has arrived. Windows Server 2008 has 
arrived. And with them they bring ...IPv6. Your first 
reaction when you see an IPv6 address like 
"fe80::5efe:10.50.50.112" might be: "Hmmm... that's 
a lotta colons, and I KNOW what comes out of 
colons!" But is that the RIGHT reaction? Join veteran
Windows explainer Mark Minasi in a look at
the latest version of IPv6... and whether you'll 
want to leave it on or turn it off. In this whirlwind 
tour, Mark explains the motivation for IPv6 and 
the technologies behind its implementation 
(which saves you from having to read 30 RFCs), 
and then focuses on the specifics of the Microsoft 
in-the-box IPv6 stack. In the process you may just 
decide that IPv6 is pretty nifty, after all! 

NAME RESOLUTION 2008 STYLE-WHAT'S 
NEW IN DNS FOR SERVER 2008? 

MARK MINASI 

Windows Server 2008 is here-and so is DNS, 2008 
style! What's the story with WINS; is it time to go? 
How does Windows 2008 DNS affect Active 
Directory? What about those new "magic" 
records, the DNAME and GLOBALNAMES feature? 
And most important, how the heck do I administer 
a DNS server running on Server Core? Find out
with the Master of Name Resolution, Mark Minasi! 

PLANNING FOR WINDOWS SERVER 2008 
AND VISTA LICENSING 

SEAN DEUBY 

Any rollout of Windows Server 2008 or Vista 
requires planning for Volume Activation 2.0. If 
you don't, your systems will grind to a halt a 
month after you've deployed them. You have to 
make a number of design decisions for your VA 
2.0 infrastructure; this session will provide you 
with key information from practical experience to 
help you plan. 


SAY G'BYE TO FILE SHARES: 21ST 
CENTURY COLLABORATION WITH WSS 
DOCUMENT LIBRARIES 
DAN HOLME 

It's time to start moving your shared folders to 
SharePoint. Why? Because the features that we've
all been missing (including document metadata,
checkout, version control, and content approval)
are now achievable using Windows SharePoint
Services document libraries. Learn how to move
forward into a new era of document management
in this practical application of Windows SharePoint
Services. Discover advanced and underdocumented
solutions for providing users shortcuts to document
libraries, serving custom templates, and
working with document properties. 

VISTA TAKE TWO: A LOOK AT VISTA SP1... 
AND WHETHER VISTA'S NOW READY 
FOR YOU 

MARK MINASI 

Okay, all of you Vista haters-it's here! You've
been saying "um, I'm not really sure about Vista,
so I'm going to wait for SP1," so let's ask: Is it
good enough yet? Join a Windows techie, an
unabashed and unrepentant Vista liker, in a
steely-eyed look at Windows Vista SP1. First, learn
the easiest ways to roll it out, and how it affects
Windows new nifty deployment tools. Then, really
dive down with a look at how it affects performance
and compatibility. Following that, see what
completely new things arrive with SP1. Does SP1
make things better? Worse? Will it actually take
so long to download that Windows Vista SP2 will
be out before you get it? Join Mark for this session
and find out!


SESSIONS AND SPEAKERS ARE SUBJECT TO CHANGE. SEE WEB SITE FOR UPDATES AND ADDITIONAL SESSIONS. 


REGISTER TODAY ■ 800-505-1201 ■ 203-268-3204 


www.WinConnections.com 
SHAREPOINT

MICROSOFT DAY 



THE FOLLOWING SESSIONS WILL ALL BE PRESENTED BY SPEAKERS FROM MICROSOFT. 


NOT JUST SPREADSHEETS: MICROSOFT OFFICE AND EXCEL AS A 
BUSINESS INTELLIGENCE DEVELOPMENT PLATFORM 

MICROSOFT 

INTRODUCTION TO SHAREPOINT DEVELOPMENT WITH MICROSOFT 

VISUAL STUDIO 2008 

MICROSOFT 

DEVELOPING YOUR FIRST OFFICE BUSINESS APPLICATION: FROM 
THE CLIENT TO SHAREPOINT AND BEYOND 

MICROSOFT 

LIGHT UP YOUR SHAREPOINT WEB SITE WITH MICROSOFT 

SILVERLIGHT AND AJAX 

MICROSOFT 


SHAREPOINT AND ECM: EMPOWERING YOUR USERS WHILE 
MAINTAINING INFORMATION GOVERNANCE AND COMPLIANCE 

MICROSOFT 

MASHING-UP THE WEB: SHAREPOINT AND SHAREPOINT DESIGNER 

MICROSOFT 

CUSTOMIZING AND EXTENDING SHAREPOINT SEARCH 

MICROSOFT 

SHAREPOINT: IT IS NOT JUST FOR INTRANETS-EXTENDING 
SHAREPOINT TO THE EXTRANET AND INTERNET 

MICROSOFT 


SHAREPOINT

SESSIONS 


BUSINESS INTELLIGENCE 
AND SHAREPOINT 


HBI101: 10 THINGS YOU NEED TO KNOW
ABOUT PERFORMANCEPOINT SERVER 

MAURO CARDARELLI 

HBI301: CONNECTING TO YOUR ORACLE 
DATA WITH SHAREPOINT 

MAURO CARDARELLI 

HBI302: BUILDING A SALES PIPELINE 
APPLICATION WITH REPORT CENTER 

MAURO CARDARELLI 


DEPLOYMENT ADMINISTRATION, 
OPERATION, AND OPTIMIZATION 
OF SHAREPOINT 


HBI303: INTRODUCTION TO MOSS 

ADMINISTRATION 

MICHAEL BLUMENTHAL 

HBI304: SITE PROVISIONING SOLUTIONS 
MICHAEL BLUMENTHAL 


FORMS AND WORKFLOW 
WITH SHAREPOINT 


HFW301: CONVERT YOUR EXISTING WORD 
AND EXCEL FORMS TO INFOPATH 
ASIF REHMANI 

HFW302: DESIGN POWERFUL WORKFLOWS 
WITH SHAREPOINT DESIGNER 

ASIF REHMANI 

HFW303: SIGN YOUR INFOPATH 
ELECTRONIC FORMS USING DIGITAL 
SIGNATURES AND PUBLISH 
TO FORMS SERVER 
ASIF REHMANI 

HFW304: ADDING CODELESS WORKFLOWS 
TO INFOPATH FORM SOLUTIONS 
DAVID GERHARDT 

HFW305: DEVELOPING INFOPATH
BROWSER FORMS FOR SHAREPOINT 
DAVID GERHARDT 

HFW306: DEVELOPING INFOPATH CLIENT- 
ONLY FORMS FOR SHAREPOINT 
DAVID GERHARDT 


MOSS SEARCH 


HSE301: CUSTOMIZING SEARCH CENTERS 
TO SUPPORT SEARCH SERVER 2008 
DANIEL WEBSTER 

HSE102: HOW MICROSOFT SEARCH SERVER 
2008 EXPANDED SEARCH IN SHAREPOINT 
SERVER 2007 
DANIEL WEBSTER 

HSE303: USING FEDERATED LOCATION 
DEFINITIONS AND LEVERAGING LIVE.COM 
WITH SEARCH 
DANIEL WEBSTER 

HSE304: MOSS SEARCH: IMPROVING 
RELEVANCE AND THE SEARCH EXPERIENCE 
USING THE API 

ERIK MAU 

HSE305: MOSS SEARCH: LEVERAGING 
YOUR INVESTMENT IN THE PLATFORM 

ERIK MAU 

HSE306: MOSS SEARCH: UNIFYING 
BUSINESS DATA AND DOCUMENTS 
ERIK MAU 


SHAREPOINT ARCHITECTURE
AND CAPACITY PLANNING 


HAR201: INFORMATION ARCHITECTURE 
FOR A MOSS INTRANET 
MICHAEL BLUMENTHAL 

HAR302: ARCHITECTING A HIGHLY 
REDUNDANT SHAREPOINT 2007 FARM 
MICHAEL NOEL 

HAR303: BUILDING THE PERFECT 
SHAREPOINT FARM: A WALKTHROUGH OF 
BEST PRACTICES FROM THE FIELD 
MICHAEL NOEL 

HAR304: VIRTUALIZING SHAREPOINT 

COMPONENTS 

MICHAEL NOEL 


SHAREPOINT CUSTOMIZATION 


HCS301: AUTOMATING COMMON 
SHAREPOINT TASKS WITH POWERSHELL 
NEIL IVERSEN 

HCS202: EFFECTIVELY USING FEATURES 
AND SOLUTIONS 
NEIL IVERSEN 


HCS403: PACKAGING YOUR ADVANCED 
SHAREPOINT CUSTOMIZATIONS 
NEIL IVERSEN 

HCS304: INTEGRATING ACCESS 
AND SHAREPOINT 

TY ANDERSON 

HCS305: OUTLOOK AND SHAREPOINT 
USING LINQ TO SQL

TY ANDERSON 

HCS306: BUILDING CUSTOM WORKFLOWS 
WITH VSTO 

TY ANDERSON 


SHAREPOINT FOR 
ENTERPRISE CONTENT 
MANAGEMENT 


HEC301: CREATING AND DEPLOYING A 
CUSTOM DOCUMENT CONVERTER FOR 
SHAREPOINT 2007 
PAUL STORK 

HEC302: DEPLOYING CONTENT AND 
INFRASTRUCTURE IN A WEB CONTENT 
MANAGEMENT ENVIRONMENT 

PAUL STORK 


HEC303: DEVELOPING PRINTABLE 
SHAREPOINT PAGE LAYOUTS USING CSS 
PAUL STORK 

HEC204: FIVE SHAREPOINT FRIENDS IN AN 
ECM WORLD 

SAHIL MALIK 

HEC305: LARGE OBJECT STORAGE 
IN SHAREPOINT 

SAHIL MALIK 

HEC306: WHY CONTENT TYPES 
ARE YOUR FRIEND 

SAHIL MALIK 


SHAREPOINT SECURITY AND 
EXTRANETS 


HSC301: SHAREPOINT PERSONALITY 
DISORDER: FBA, ADFS, LIVEID, NTLM, 
KERBEROS, LDAP... EGAD... 

ROBERT GINSBURG 

HSC302: YOU WANT TO TRUST WHO? 
FEDERATED EXTRANET SCENARIOS 
AND SHAREPOINT (A CASE FOR AN 
IDENTITY FIREWALL) 

ROBERT GINSBURG 

HSC303: SHAREPOINT AND ILM-ACCOUNT 
MANAGEMENT ON STEROIDS 
ROBERT GINSBURG 



OCTOBER 6-8, 2008

SAN FRANCISCO MARRIOTT 
SAN FRANCISCO, CA 

BRING YOUR TEAM 
TO IT CONNECTIONS 
IN SAN FRANCISCO 

Strategic and technical expertise 
to guide your technology decisions 
and implementations 



Imagine the opportunity for your IT
leadership-executives and management-
to develop strategic visions for your
enterprise technology with the guidance of
industry leaders...and for IT professionals to
master the details of implementing those
technologies through in-depth workshops led
by renowned experts, then to come together,
as a team, joined by IT professionals and
leadership from other business, academic,
and governmental organizations... To learn...
to discuss... to question... to solve... and
to share.

This unique 3-day conference will feature
strategic sessions to help your enterprise align
important new technologies to support your
near and long term requirements, including:

■ Virtualization
■ Cloud Computing
■ Automation and Consolidation
■ Green Computing
■ Unified Communications
■ Systems Management
■ Security

And incredible technical workshops led
by independent, nationally-recognized gurus
featuring:

■ Windows Server 2008 and Windows Vista
■ Active Directory, Group Policy, and PowerShell
■ Exchange and Office Communications Server
■ SharePoint
■ System Center
■ Hyper-V and VMware
■ SQL Server 2008


DEVELOPED BY MICROSOFT, TECHNET, PENTON MEDIA, AND HP 



THIS EVENT IS FOR: 

CIOS / CTOS • TECHNICAL DECISION MAKERS • BUSINESS DECISION MAKERS • IT MANAGERS • AND IT PROFESSIONALS 

Bring Your IT Team! 
A UNIQUE OPPORTUNITY TO GET YOUR TECHNOLOGY
AND TRAINING FROM MICROSOFT AND INDUSTRY EXPERTS! 



TY ANDERSON (COGENT COMPANY, LLC)
THOMAS FOREMAN
DAVE BANTHORPE
DEVIN L. GANGER (3 SHARP, LLC)
MICHAEL BLUMENTHAL (MAGENIC TECHNOLOGIES)
DAVID GERHARDT (3 SHARP, LLC)
MAURO CARDARELLI (JORNATA)
SEAN DEUBY (ADVAIYA INC.)
SCOTT GUTHRIE (MICROSOFT)
JUERGEN HASSLAUER (HP)
DAN HOLME (INTELLIEM, INC.)
NEIL IVERSEN (INETIUM)
DON JONES (CONSULTANT/AUTHOR)
BRIAN KOMAR (IDENTIT, INC.)
RHONDA LAYFIELD (CONSULTANT/TRAINER)
WILLIAM LEFKOVICS
SAHIL MALIK (WINSMARTS)
DARREN MAR-ELIA (DESKTOPSTANDARD)
ERIK MAU (INETIUM)
JIM MCBEE (ITHICOS SOLUTIONS)
KIERAN MCCORRY (HP)
STEVE RILEY (MICROSOFT)
PAUL ROBICHAUX (3 SHARP, LLC)
PATRICK SALMON (ENTERPRISE MOBILE)
PAUL STORK (MINDSHARP)
ALAN SUGANO (ADS CONSULTING GROUP)
KIMBERLY L. TRIPP (SQLSKILLS.COM)
DANIEL WEBSTER (MINDSHARP)

...AND MANY MORE EXCITING SPEAKERS! 


Network with your colleagues at
Mandalay Bay Resort & Casino! 
There's so much to do, 
you'll never have to leave 
this 4-star resort! 

• 11-acre tropical lagoon 

• Sandy beach 

• 3/4 mile lazy river 

• 30,000 sq. ft. luxury spa
and fitness center 

• 16 restaurants on site, 
including The House of Blues 

• 135,000 sq. ft. casino

• 12,000 seat sports/ 
entertainment complex 

• Shark Reef: 

Not your typical aquarium! 

• Exciting shows and events 


HOTEL ACCOMMODATIONS 

Mandalay Bay Resort and Casino, 3950 Las Vegas Blvd. South, 
Las Vegas, Nevada, 89119 is the conference site and host hotel. 
SPACE IS LIMITED so reserve your room early by calling the 
conference hotline at 800-505-1201 or 203-268-3204. 

* NOTE: ROOMS AT MANDALAY BAY HAVE BEEN TOTALLY REMODELED, VERY COOL! SPACE IS LIMITED • 
LAST YEAR ROOMS SOLD OUT EARLY SO BOOK YOUR ROOM TODAY! 

AIRLINE 

Please call Pericas Travel at 203-562-6668 for airline reservations. 

CAR RENTAL 

Hertz is offering auto rental discounts to attendees. Call the 
Hertz Meeting Desk at 800-654-2240 for reservations and refer 
to code CV# 010R0036 to receive your attendee discount. 

ATTIRE 

The recommended dress for the conference is casual and 
comfortable. Please bring along a sweater or jacket, as the 
ballrooms can get cool with the hotel's air conditioning. 

SPONSORSHIP/EXHIBIT INFORMATION 

For sponsorship information, contact: 

Rod Dunlap 

480-917-3527 phone 

E-mail rod@devconnections.com 

See Web site for more details. www.WinConnections.com 

TAX DEDUCTION 

Your attendance to a DevConnections conference may be tax 
deductible. Visit www.irs.ustreas.gov. Look for topic 513 - 
Educational Expenses. You may be able to deduct the 
conference fee if you undertake to (1) maintain or improve skills 
required in your present job; (2) fulfill an employment condition
mandated by your employer to keep your salary, status, or job. 

GROUP DISCOUNT 

Register individuals from one company at the same time and 
receive a group discount. 


1-3 registrants 

$1,495 per person 

Additional registrants 
after the 3rd 

(4th, 5th, 6th...) 

$1,295 per person 

($200 off each) 


Call 800-505-1201 to take advantage of group discount pricing. 



NOTES & POLICIES: The Conference Producers reserve the right to cancel the conference by refunding the registration
fee. Producers can substitute speakers and topics and cancel sessions without notice or obligation. Updates
will be posted on our Web site at www.WinConnections.com. Tape recording, photography is not allowed at any
session. Conference producers will be taking candid pictures of events and reserve the right to reproduce. By
attending this conference you agree to this policy. You may transfer this registration to a colleague. Please inform us if
you have any special needs or dietary restrictions when you register. The conference registration includes a one-year
print subscription to Windows IT Pro. Current subscribers will have an additional one year added to their
subscription. Subscriptions outside of the United States and Canada will be digital. $25 of the funds will be allocated
toward a subscription to Windows IT Pro ($49.95 value). REGISTRATION & CANCELLATION POLICY: Registrations are not
confirmed until payment is received. Cancellations before October 6, 2008 must be received in writing and will be
refunded minus a $100 processing fee. After October 6, 2008 cancellations and no shows are liable for full
registration, it can be transferred to the next Connections conference within 12 months or to another person. Active
Directory, Microsoft, MSDN, Outlook, Windows NT, Windows Server, Windows Vista, and Windows are either
trademarks or registered trademarks of Microsoft Corporation. All other trademarks are property of their owners.
CONFERENCE REGISTRATION • NOVEMBER 10-13, 2008


FULL CONFERENCE REGISTRATION INCLUDES: KEYNOTE ON NOVEMBER 10TH, 6:30PM, 

THROUGH CLOSING SESSION ON NOVEMBER 13TH, 4:30PM 

NAME 

PRIORITY CODE 

COMPANY 

TITLE 

STREET ADDRESS (REQUIRED TO MAIL CONFIRMATION MATERIALS) 


CITY, STATE, POSTAL CODE 

COUNTRY 


TELEPHONE FAX E-MAIL ADDRESS (IMPORTANT) 


ONLINE www.WinConnections.com
E-MAIL info@devconnections.com 
PHONE (800) 505-1201 • (203) 268-3204 
FAX (203) 261-3884 

MAIL Microsoft Exchange 

Connections 2008 
Windows Connections 2008 
Unified Communications 
Connections 2008 
SharePoint Connections 2008 
c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


□ Microsoft Exchange & Unified Communications Connections .on or before August 25,2008 .$1395.00 

.after August 25,2008.$1495.00 

□ Windows Connections .on or before August 25,2008 .$1395.00 

.after August 25,2008.$1495.00 

□ SharePoint Connections .on or before August 25,2008 .$1395.00 

.after August 25,2008.$1495.00 


PRE-CONFERENCE WORKSHOPS SUNDAY, NOVEMBER 9, 2007 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM Automating IT Operations by Using Windows PowerShell (2-day workshop) (Bring Your Own Laptop) JONES ..$798 

□ 9:00AM - 4:00PM U-Fix-It: Troubleshooting Exchange Server 2007 (Bring Your Own Laptop) O'DOWD.$399

□ 9:00AM - 4:00PM Database Best Practices for the Involuntary DBA TRIPP & RANDAL.$399 

PRE-CONFERENCE WORKSHOPS MONDAY NOVEMBER 10, 2008 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 12:00PM Group Policy Fundamentals, Security, and Control MOSKOWITZ.$199 

□ 1:00PM - 4:00PM Virtualization: A Real-World Jump Start SUGANO.$199 

□ 9:00AM - 4:00PM Walk in the Park: Microsoft Exchange 2007 Hands-on Labs (Bring Your Own Laptop) O'DOWD.$399 

□ 9:00AM - 4:00PM SharePoint Server 2007 Document Management Best Practices CURRY.$399 

□ 9:00AM - 4:00PM Platform Extension Model for SharePoint Products and Technologies HERMAN.$399 

POST-CONFERENCE WORKSHOPS FRIDAY NOVEMBER 14, 2008 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM Reimagining Windows Administration: The Connections Capstone HOLME.$399 

□ 9:00AM - 4:00PM Walk in the Park: Office Communications Server Hands-On Labs (Bring Your Own Laptop) FOREMAN.$399 

□ 9:00AM - 4:00PM The SharePoint Developer, Designer, and Power User Game Show MILLER .$399 


CONFERENCE MATERIALS 

Full conference registration includes materials for the one conference for which you register. 


You may purchase materials for the other concurrently run events. 

□ Microsoft Exchange & Unified Communications Connections Resource CD.$75 

□ Windows Connections Resource CD .$75 

□ SharePoint Connections Resource CD.$75 

□ Microsoft ASP.NET Connections Resource CD.$75 

□ Visual Studio & .NET Connections Resource CD.$75 

□ SQL Server Connections Resource CD.$75


PAYMENT TOTAL 


♦IMPORTANT: You must reference Microsoft Exchange Connections, Unified Communications Connections, Windows Connections, 
or SharePoint Connections on your check. 

□ CHECK (payable to Tech Conferences) All payments must be in US Currency. Checks must be drawn on a US bank. 

□ CREDIT CARD □ VISA □ MASTERCARD □ AMEX 

CREDIT CARD NO. EXPIRATION DATE 


Cardholder's Signature 


Cardholder's Name (print) 
CATCH DYNAMIC MICROSOFT KEYNOTES
AND GET THE LOWDOWN ON WHAT'S 
CUTTING EDGE IN THE INDUSTRY. 




STEVE RILEY
Senior security strategist in Microsoft's Trustworthy Computing Group
MICROSOFT

MARK MINASI
Best-selling author, popular technology columnist, commentator

THOMAS RIZZO
Director in the SharePoint group
MICROSOFT

SCOTT GUTHRIE
Corporate Vice President, .NET Developer Division
MICROSOFT

MANDALAY BAY RESORT & CASINO

WITH OVER 5,000 ATTENDEES, LAST FALL SOLD OUT!



MICROSOFT 

EXCHANGE 

Connections 

2008 


UNIFIED 

COMMUNICATIONS 

Connections 

2008 


WINDOWS 

Connections 

2008 


SharePoint 

Connections 

2008 


WinConnections.com 800-505-1201 ■ 203-268-3204 


Microsoft * Widows TechNet 


PENTON MEDIA 


WinConnections 2008 

c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


Mailroom: If addressee is no longer here, 
please route to MIS Manager or Training Director 















SPLIT-BRAIN DNS 


Learning Path

WINDOWS IT PRO RESOURCES

For more information about using split-brain DNS:

"DNS Configuration Errors Breed AD Horror," InstantDoc ID 43582
"Solving DNS Problems," InstantDoc ID 39771
"Windows Server 2003 DNS," InstantDoc ID 40049

To learn more about DNS:

"Deconstructing DNS," InstantDoc ID 48527
"DNS-AD Rescue," InstantDoc ID 94736
"DNS Annoyances," InstantDoc ID 94456
"Segregate Your DNS Servers," InstantDoc ID 92660
"Tried-and-True DNS Wisdom," InstantDoc ID 98330


For this example, though, we'll configure a new primary DNS zone on a
Windows Server 2003 Standard Edition AD DNS server. Start by opening the
Microsoft Management Console (MMC) DNS Management snap-in and expanding
the server node. Right-click Forward Lookup Zones, then click New Zone to
launch the New Zone Wizard. Click Next on the Welcome page to proceed to the
second page of the wizard. As Figure 2 shows, you'll see choices for creating a
Primary zone, Secondary zone, or Stub zone, as well as a checkbox, selected by
default, that lets you store your new zone in AD. Select Primary zone and clear
the checkbox for storing the zone in AD; for this example, we want to store our
zone in a flat file.

On the wizard's next page, enter the zone name mydomain.com. When you click
Next, you'll be given the option to change the filename that the DNS server uses
to store the zone records; for this example you can use the default that the
wizard suggests. Figure 3 shows the wizard's Dynamic Update page, where you'll
have two options: to let the zone accept both nonsecure and secure dynamic
updates or to not allow the zone to accept any dynamic updates. We aren't
setting up any records that should be updated dynamically, so select Do not
allow dynamic updates. The last page of the wizard presents a summary of what
will occur after you click Finish.

Now if you expand Forward Lookup Zones, you'll see an entry for mydomain.com.
Right-click this entry and select New Host (A), and you'll see a dialog box like
the one Figure 4 shows. Following our web server example above, we'd enter www
as the name and 192.168.123.10 as the IP address. Don't select the Create
associated pointer (PTR) record checkbox because we're not interested in
setting up a reverse DNS entry for this host; reverse DNS resolves IP addresses
to names and we only need to resolve the name to the IP address. Click Add Host,
and you're done.

Figure 4: The New Host dialog box

You can now test your split-brain configuration from your workstation. But
before you do, make sure to flush your DNS cache by entering the following from
a command prompt:

ipconfig /flushdns

Type www.mydomain.com into your browser, and your site should load. Neat,
isn't it?

You can add additional hosts to your newly created zone for any other
resources, such as a mail server or a terminal server, that you want to access
by the same name both internally and externally.
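Once the internal zone exists, the internal DNS server is authoritative for mydomain.com, so a name that is published only in the public zone stops resolving for internal clients. The following added example (not from the article) compares the two record sets to find such gaps; the function names and all record data other than the www entry are constructed for illustration.

```powershell
# Added example, not the article's code. All addresses except www's internal
# address are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

# Host (A) records published in the public mydomain.com zone (constructed).
$publicZone = @{
    'www'  = '203.0.113.10'
    'mail' = '203.0.113.25'
    'ts'   = '203.0.113.30'
    'shop' = '198.51.100.7'      # site hosted by a third party
}

# Host (A) records entered in the internal flat-file zone.
$internalZone = @{
    'www'   = '192.168.123.10'   # the record created in the article
    'mail'  = '192.168.123.25'   # constructed
    'shop'  = '198.51.100.7'     # constructed: hosted elsewhere, so it mirrors the public address
    'files' = '192.168.123.40'   # constructed: internal-only resource
}

function Test-PrivateIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Compare-SplitBrainZone {
    param([hashtable]$Public, [hashtable]$Internal)

    $names = @($Public.Keys) + @($Internal.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $pub = $Public[$name]
        $int = $Internal[$name]

        if (-not $int) {
            # The internal server owns the zone, so it answers "no such name"
            # for this host instead of forwarding the query to the Internet.
            $status = 'MissingInternally'
        } elseif (-not $pub) {
            $status = 'InternalOnly'      # never visible from outside
        } elseif (Test-PrivateIPv4 $int) {
            $status = 'SplitOK'           # same name, private address inside
        } elseif ($int -eq $pub) {
            $status = 'MirrorsPublic'     # externally hosted, copied as-is
        } else {
            $status = 'Mismatch'          # public-range address that differs
        }

        New-Object PSObject -Property @{
            Name = $name; Public = $pub; Internal = $int; Status = $status
        } | Select-Object Name, Public, Internal, Status
    }
}

Compare-SplitBrainZone -Public $publicZone -Internal $internalZone |
    Format-Table -AutoSize
```

Rows reported as MissingInternally are the hosts to add to the internal zone before users notice; Mismatch rows usually mean a stale copy of a public address.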

Divide to Conquer 

You can modify the solution presented above by having your internal
AD DNS servers answer queries only for AD resources and forwarding all other
requests to another set of internal DNS servers. This other set would contain
your private IP records for mydomain.com and recursively answer queries for
all other domains. This type of segregation can help both with risk mitigation
and administration delegation because the AD DNS servers would be separate from
the DNS servers you use for split-brain resolution.

Although "split-brain DNS" sounds like something that would require an Ace
bandage and a boatload of aspirin, it's actually something that almost
every organization uses.

An alternative to split-brain DNS would be to use a third-party solution at the
edge of your network that can rewrite the IP addresses returned in packets
containing DNS data. For example, Cisco's PIX and ASA appliances have a feature
called DNS Doctoring that performs such rewrites. All of these methods are
fairly easy to execute, but you should still try them in a test environment
before making changes to your production environment. Happy querying!

InstantDoc ID 99772 



Michael Dragone 
PowerShell


Active Directory (AD) is a vital part of the Windows enterprise infrastructure.
Although Windows PowerShell scripting is available for Windows Server,
PowerShell doesn't include AD cmdlets. To address this need, you can download
a free set of AD cmdlets (www.quest.com/activeroles-server/arms.aspx)
that let you easily perform basic user account operations. These cmdlets hide
the complexities associated with using Active Directory Service Interfaces
(ADSI). You can use the cmdlets with Active Directory Domain Services (AD DS)
or Active Directory Lightweight Domain Services (AD LDS).

You can install the AD cmdlets on any computer 
running PowerShell. They can be used remotely with 
any AD domain controller (DC) in a network. 

When you install the cmdlets, the ActiveRoles Management Shell for Active
Directory shortcut is added to your Start menu. Clicking this shortcut starts a
shell in which you can run the AD cmdlets as well as PowerShell's default
set of cmdlets. From this shell, you can easily perform such tasks as finding a
user account, finding and reporting on groups of user accounts, modifying user
properties, modifying user accounts, and creating user accounts.


Use free AD 
cmdlets to find, 
report on, create, 
and modify user 
accounts 

by Dmitry Sotnikov 


Finding a User Account 

Finding a user account isn't easy in VBScript code. When 
you don't know the user's distinguished name (DN), you 
need to construct an LDAP query, which can take many 
lines of code. Not only are VBScript scripts for managing 
AD long, they require knowledge of LDAP queries, AD 
schema naming, and other technical details. 

Finding a user is much easier with PowerShell. If you 
want to use a logon name to find a user account, all you 
have to do is use the Get-QADUser cmdlet. For example, 
if you want to find the user account associated with the 
sAMAccountName dsotnikov, you'd type 

Get-QADUser dsotnikov 

Let's look at what this cmdlet is doing. First, it establishes
a connection with the current AD domain using the account under which you
started the shell. If you want to connect to another domain, you can use the
Get-QADUser cmdlet's -Service parameter or precede the statement with the
Connect-QADService cmdlet. If you want to make the connection under different
credentials, you can use the Get-QADUser cmdlet's -Credential parameter or
its -ConnectionAccount and -ConnectionPassword parameters.

Because only the username is specified (dsotnikov), the Get-QADUser cmdlet
assumes you want to use its default -Identity parameter to locate the account.
(Specifying the name of the default parameter is optional in the AD and
PowerShell cmdlets.) The AD cmdlets provide a variety of ways to identify
objects. Besides specifying a sAMAccountName (or domain\sAMAccountName), you
can specify a display name, DN, user principal name (UPN), SID, or globally
unique identifier (GUID), as in

Get-QADUser 'Dmitry Sotnikov'
Get-QADUser
  'cn=dsotnikov,ou=users,dc=quest,dc=com'
Get-QADUser dsotnikov@quest.com
Get-QADUser S-123-4567...
Get-QADUser ABCD-1234-5677-98FE-CD43

(Column widths force us to wrap code. So, although the second command appears
on two lines here, you would enter it on one line in the shell. The same holds
true for the other multiline commands in this article.) Note that you need to
enclose the parameter in quotes if it contains spaces (like in the display name
example) or commas (like in the DN example). This is done to help the
PowerShell parser understand that you're passing in a single string.

Finding and Reporting on Groups of User Accounts

Systems administrators often need to find and report on groups of user
accounts. The Get-QADUser cmdlet also handles this task. For example, if you
want to see all the users in the accounting department, you'd use the
-Department parameter, as in

Get-QADUser -Department Accounting

If you want to see all the users in the London office, you'd use the -City
parameter, like this

Get-QADUser -City London

As these examples show, you can use the display names of the user attributes
(e.g., Department, City), so knowing the attributes' LDAP names is no longer
required. However, you can use the LDAP names if you already know them. For
example, if you want to use the LDAP name for the City attribute, you can run

Get-QADUser -L London

As Table 1 shows, Get-QADUser has many attribute-specific parameters you can
use in searches. Plus, there are many other available parameters, such as
-Identity, -Credential, -ConnectionAccount, and -ConnectionPassword. To get the
full parameter list, type

Get-Help Get-QADUser -Full

Table 1: Attribute-Specific Parameters in Get-QADUser, Set-QADUser, and New-QADUser

| Parameter | Aliases | Type | Get-QADUser | Set-QADUser | New-QADUser |
|---|---|---|---|---|---|
| -AccountExpires | | DateTime | | X | |
| -AccountExpiresBefore | | DateTime | X | | |
| -AccountNeverExpires | | Boolean | X | | |
| -Anr | | String | X | | |
| -AttributeScopeQuery | -ASQ | String | X | | |
| -City | -L | String | X | X | X |
| -Company | | String | X | X | X |
| -Department | -dept | String | X | X | X |
| -Description | -des | String | X | X | X |
| -Disabled | | SwitchParameter | X | | |
| -DisplayName | -disp | String | X | X | X |
| -Email | | String | X | X | |
| -Enabled | | SwitchParameter | X | | |
| -Fax | -facsimileTelephoneNumber | String | X | X | X |
| -FirstName | -givenName, fn | String | X | X | X |
| -HomeDirectory | | String | X | X | |
| -HomeDrive | | String | X | X | |
| -HomePhone | -hp | String | X | X | X |
| -Initials | -i | String | X | X | X |
| -LastName | -sn, ln | String | X | X | X |
| -LdapFilter | -lf | String | X | | |
| -Locked | | SwitchParameter | X | | |
| -LogonScript | | String | X | X | |
| -Manager | -mgr | IdentityParameter | X | X | X |
| -MobilePhone | -mobile | String | X | X | X |
| -Name | -n | String | X | | X |
| -Notes | -info | String | X | X | X |
| -ObjectAttributes | -oa, attr | Hashtable | X | X | X |
| -Office | -physicalDeliveryOfficeName | String | X | X | X |
| -Pager | | String | X | X | X |
| -ParentContainer | -OrganizationalUnit, OU, Parent | IdentityParameter | | | X |
| -PasswordNeverExpires | | Boolean | X | X | |
| -PhoneNumber | -telephoneNumber | String | X | X | X |
| -PostalCode | | String | X | X | X |
| -PostOfficeBox | | String | X | X | X |
| -ProfilePath | | String | X | X | |
| -SamAccountName | -san, LogonName | String | X | X | X |
| -SearchRoot | -OrganizationalUnit, OU, Parent | IdentityParameter | X | | |
| -SearchScope | -ss, scope | DirectoryServices.SearchScope | X | | |
| -SecurityMask | | DirectoryServices.SecurityMasks | X | | |
| -StateOrProvince | -st | String | X | X | X |
| -StreetAddress | | String | X | X | X |
| -Title | -ti | String | X | X | X |
| -TsAllowLogon | | Boolean | | X | |
| -TsBrokenConnectionAction | | Int32 | | X | |
| -TsConnectClientDrives | | Boolean | | X | |
| -TsConnectPrinterDrives | | Boolean | | X | |
| -TsDefaultToMainPrinter | | Boolean | | X | |
| -TsHomeDirectory | | String | | X | |
| -TsHomeDrive | | String | | X | |
| -TsInitialProgram | | String | | X | |
| -TsMaxConnectionTime | | TimeSpan | | X | |
| -TsMaxDisconnectionTime | | TimeSpan | | X | |
| -TsMaxIdleTime | | TimeSpan | | X | |
| -TsProfilePath | | String | | X | |
| -TsReconnectionAction | | Int32 | | X | |
| -TsRemoteControl | | Int32 | | X | |
| -TsWorkDirectory | | String | | X | |
| -UserMustChangePassword | | Boolean | | X | |
| -UserPassword | -Password, up | String | | X | X |
| -UserPrincipalName | -upn | String | X | X | X |
| -WebPage | -wWWHomePage | String | X | X | X |
| -WildcardMode | -wm | WildcardMode | X | | |

Getting the information retrieved by Get-QADUser into a table, list, or .html
file for easy viewing is simple. All you need to do is tell PowerShell how to
format the results.

In both PowerShell and ActiveRoles Management Shell for Active Directory, the
Get- cmdlets produce a collection of objects. To change the way in which these
objects are presented, you need to direct, or pipe (|), the collection to
another cmdlet. For example, if you want to present the information about the
London users in a table, you'd pipe Get-QADUser's results to PowerShell's
Format-Table cmdlet. To specify what attributes you want in the table and the
order in which they appear, you use Format-Table's -Property parameter. The
-Property parameter is the default parameter, so specifying it in the command
is optional. Thus, to present the London data in a table that includes the
users' names, departments, and titles, you'd type

Get-QADUser -City London | 

Format-Table Name,Department,Title 

If you'd rather have the London data in a 
list, you can use PowerShell's Format-List 
cmdlet, as in 

Get-QADUser -City London |
  Format-List Name,Department,Title

For more information about how to use the 
Format-Table and Format-List cmdlets and 
what the results look like, see "PowerShell 
101, Lesson 2," March 2008, InstantDoc ID 
97959. 

If you want to convert and save the London data in an .html file, you can use
PowerShell's ConvertTo-HTML and Out-File cmdlets in the command

Get-QADUser -City London |
  ConvertTo-HTML -Property Name,Department,Title -Title 'London Staff' |
  Out-File C:\LondonUsers.html

ConvertTo-HTML selects the properties specified with the -Property parameter
(i.e., Name, Department, and Title), adds the title specified with the -Title
parameter (i.e., London Staff), and produces the corresponding HTML code. After
the selected data is converted into HTML, it's saved in the
C:\LondonUsers.html file with the Out-File cmdlet. For more information about
the ConvertTo-HTML and Out-File cmdlets, see the PowerShell documentation.

Modifying User Properties 

To modify user properties, you use the Set-QADUser cmdlet. You can use many of
the attribute-specific parameters for Set-QADUser that you use for Get-QADUser
(see Table 1). For example, to set Paris as the office location for a user,
you'd use a command such as

Set-QADUser 'Dmitry Sotnikov' -City Paris

Bulk changes are just as easy. You can relo¬ 
cate everyone from the London office to the 
Paris office with the command 

Get-QADUser -City London |
  Set-QADUser -City Paris

To reset a password, you use Set-QADUser's 
-UserPassword parameter in a command 
such as 

Set-QADUser 'Dmitry Sotnikov' -UserPassword '!@#Quh*$%'

Modifying User Accounts 

There's more to managing user accounts 
than just reporting on and setting their 
properties. Other common tasks include 
enabling, unlocking, moving, and deleting 
user accounts. To enable user accounts, 
you use the Enable-QADUser cmdlet. For 
example, the command 

Get-QADUser -Disabled |
  Enable-QADUser


first uses Get-QADUser's -Disabled parameter 
to find all the disabled accounts, after which it 
uses Enable-QADUser to enable them. 

To unlock accounts, you use the Unlock-QADUser cmdlet. For example, the
command

Get-QADUser -Locked -Title Manager | 
Unlock-QADUser 

first uses Get-QADUser's -Locked and -Title parameters to find the
locked-out accounts of users whose title is manager, then uses
Unlock-QADUser to unlock those accounts.

To move user accounts, you use the Move-QADObject (and not
Move-QADUser) cmdlet. Move-QADObject is a generic cmdlet that you can
use to move any AD object to a different container. For example, to
reorganize user accounts into organizational units (OUs) based on
geography, you might use a command such as

Get-QADUser -City 'New York' |
  Move-QADObject -NewParentContainer quest.com/staff/NewYork

This command begins by finding all the users in the New York office,
then pipes the results to Move-QADObject, which moves them to the
specified container. Note that the canonical name
(quest.com/staff/NewYork) is used to specify the target container. You
could use a DN (e.g., cn=NewYork,ou=staff,dc=quest,dc=com) instead, but
canonical names are much shorter and easier to type.

To delete user accounts, you use Remove-QADObject, a generic cmdlet
that lets you delete any AD object. You simply specify the object to
delete, as in

Remove-QADObject 'Unlucky One' 

Although you'll be given a warning message along with a prompt to
confirm the delete action, it's highly recommended that you use
PowerShell's -WhatIf parameter with Remove-QADObject first. When you
use this parameter, PowerShell lists what objects will be deleted but
doesn't actually delete them. This is especially handy when you use
pipelines for input and you're not certain which accounts might get
into the result set. For example, suppose you want to use Get-QADUser
to retrieve any disabled accounts whose name starts with the letter a
in the quest.com/recycled container and pipe the retrieved objects to
Remove-QADObject for deletion. By using the -WhatIf parameter in the
command

Get-QADUser -Name a* -Disabled -SearchRoot quest.com/recycled |
  Remove-QADObject -WhatIf

you'll know exactly which objects will be deleted. Note that
Get-QADUser's -SearchRoot parameter limits the scope to the specified
container.

Creating User Accounts 

Many systems administrators would probably like an effortless way to
create user accounts for newly hired employees. After all, who wants to
repeatedly perform this routine task each time HR hires a new employee?
To automate this task, you can use the New-QADUser cmdlet. For example,
the command

New-QADUser -Name dsotnikov `
  -ParentContainer quest.com/users `
  -UserPassword 'P@ssw0rd'

creates a new user account named dsotnikov in the quest.com/users
container. Although -Name and -ParentContainer are the only two
mandatory parameters for the New-QADUser cmdlet, the account will be
created disabled unless you also specify a password with New-QADUser's
-UserPassword parameter. Alternatively, you can set a password later by
using the Set-QADUser cmdlet and enable the account with the
Enable-QADUser cmdlet.

If you want to create a user account that 
has more attributes set, you can specify them 
in a New-QADUser command such as 

New-QADUser -Name 'Dmitry Sotnikov' `
  -ParentContainer quest.com/users `
  -DisplayName 'Dmitry Sotnikov' `
  -UserPassword 'P@ssw0rd' `
  -sAMAccountName dsotnikov `
  -FirstName Dmitry `
  -LastName Sotnikov |
  Set-QADUser -UserMustChangePassword $true

At the end of this command, note how the new user object is piped to
the Set-QADUser cmdlet and its -UserMustChangePassword parameter is set
to $true ($true and $false are the PowerShell way of expressing the
corresponding Boolean values). This part of the command makes sure that
the user is asked to reset the password at the first logon.

Now, typing all that information isn't exactly quick and painless,
especially if you need to create many user accounts. Fortunately,
PowerShell comes with comma-separated value (CSV) file support. The
Import-CSV cmdlet opens a CSV file and assumes the first row in the
file has the names of the object properties that are listed in
subsequent rows.

If the CSV file's column names coincide with the names of the
New-QADUser parameters, like in the following sample file

Name,sAMAccountName,UserPassword 
First User,FUser,P@ssw0rd 
Second User,SUser,Password 

you can simply pipe the CSV file's contents 
to New-QADUser. You just need to use the 
-Import parameter, as in 

Import-CSV 'C:\provision.csv' |
  New-QADUser -Import `
    -ParentContainer quest.com/users `
    -City Columbus

As this example shows, you can add other 
parameters (in this case, -ParentContainer 
and -City) to the New-QADUser cmdlet. 

With this setup, you can tell HR to put the information about new
employees in a CSV file in an agreed-on location and you can schedule a
command like the one just given to run daily. Because you won't have to
manually create those accounts anymore, you'll have more time for other
administrative tasks.

If you want to try the New-QADUser 
cmdlet in a test environment, you can use 
the command 

1..500 | ForEach-Object {
  New-QADUser `
    -ParentContainer quest.test/test `
    -Name "testuser$_" `
    -SamAccountName "testuser$_" `
    -UserPrincipalName "testuser$_@example.com" `
    -FirstName "testUser$_" `
    -LastName "example$_" `
    -UserPassword "P@ssword@_$_"
}

to quickly create 500 test user accounts with unique attributes. This
code uses PowerShell's range operator (..) to get a collection of 500
numbers (1 through 500). The collection is piped to the ForEach-Object
cmdlet, which cycles through the collection, putting each number inside
the various parameters' string values so that, for example, testuser$_
becomes testuser1 in the first loop, testuser2 in the second loop,
testuser3 in the third loop, and so on. Note the use of the double
quotes around the string values. The double quotes tell PowerShell to
automatically evaluate the $_ variable inside the strings. (If you're
unfamiliar with the $_ variable, see "PowerShell 101, Lesson 2.") Using
single quotes won't work.

Easily Manage User Accounts and a Lot More

As you can see, ActiveRoles Management Shell for Active Directory
contains many cmdlets that you can use to manage user accounts. It also
contains many more cmdlets. Version 1.1 has 40 cmdlets for managing not
only users but also groups, group memberships, computers, permissions,
Windows Server 2008 fine-grained password policies, and more. To see
the full list of cmdlets and what they do, you can download the
"ActiveRoles Management Shell for Active Directory - Administrator's
Guide" from www.quest.com/powershell/activeroles-server.aspx or visit
the online reference at
wiki.powergui.org/index.php/QAD_cmdlets_reference.
PROBLEM:

Since Windows NT 3.1, Windows has supported POSIX applications.
However, the lack of built-in features and tools needed to port UNIX
applications to Windows forced many users to purchase and use
third-party tools.

SOLUTION:

Install and familiarize yourself with the Subsystem for UNIX-based
Applications (SUA) for Server 2008 and Vista.

WHAT YOU NEED:

Server 2008 or Vista, an Internet connection, an X Server package
(optional)

SOLUTION STEPS:

1. Install SUA.
2. Download and install additional utilities and the SDK from the
   Microsoft website.
3. Install an X server (optional).
4. Identify candidate shell scripts and applications to port to
   Windows.
5. Compile C and C++ applications to run under SUA.


Move Apps from UNIX to Windows with SUA

by John Howie

Use SUA with Vista for an intriguing alternative to UNIX



Microsoft has provided support for UNIX applications on its flagship
OSs since the release of Windows NT 3.1, which shipped with a
POSIX-compliant subsystem. Assistance for UNIX applications and
interoperability has gradually evolved, and Microsoft has invested in
features such as networking support, daemons, and even X Windows. With
the release of Windows Server 2008 and Windows Vista, now might be the
time for enterprises to consider moving some of their legacy
line-of-business applications from UNIX to Windows using the Subsystem
for UNIX-based Applications (SUA). It's easy to learn some of the
features of the subsystem and how to install it, find downloadable
support tools and add-ons, assess the kind of support SUA offers for
traditional UNIX applications, and build a UNIX application to run on
Windows.

Install SUA 

Before you can use SUA, which is included in Server 2008 and Vista, you
must install and activate the feature. In the Control Panel Programs
and Features applet, click Turn Windows features on or off in the
left-hand pane. On Vista, in the Windows Features dialog box, select
the Subsystem for UNIX-based Applications check box, as Figure 1 shows,
and click OK. If you're using Server 2008, start Server Manager,
right-click Features, select Add Features from the menu, and select the
Subsystem for UNIX-based Applications check box. (The necessary system
files were installed when you installed Server 2008 or Vista.)

In the Subsystem for UNIX-based Applications folder that subsequently
appears in your All Programs menu, you'll see two shortcuts. The Help
file shortcut takes you to details about new features in the subsystem.
The Download Utilities for Subsystem for UNIX-based Applications
shortcut takes you to the Microsoft Download Center, where you can
download utilities and the software development kit (SDK) for SUA. Both
32-bit and 64-bit editions of SUA are available for Server 2008 and
Vista. Download and install the combined package containing the
utilities and the SDK—which is from 193MB to 210MB in size, depending
on the version and target OS—on any system to which you'll port or on
which you'll compile UNIX-based applications or use utilities such as
UNIX-style shells. The download is a self-extracting executable. You
must select a location to which to extract the files before setup can
proceed.

Setup is a simple wizard that prompts you for your name, consent to the
licensing agreement, and whether you want to perform a standard or
custom installation. A standard installation places the most commonly
used files in C:\Windows\SUA and configures your system accordingly.
However, I recommend that you choose to do a custom installation and
install only the components you actually need, such as support for BSD
and UNIX System V-based utilities, GNU utilities and SDKs, and the
Visual Studio plug-in. If you elect to install the GNU SDK, you need to
accept an additional license agreement called the GNU Lesser General
Public License, a copy of which is installed along with the SDK.

One step in the wizard that you must pay special attention to is
security settings, which you can see in Figure 2. The options that
appear (for standard or custom installations) depend on the choices
you've made during the installation. The Enable SuToRoot behavior for
SUA programs option lets applications impersonate the root user (which
is similar to Administrator on Windows systems) when User Account
Control (UAC) is enabled. In many cases system applications and
processes such as daemons on UNIX systems require this functionality;
end-user processes such as data entry or customer maintenance programs
rarely need it. The second option lets you enable setuid behavior,
which refers to a UNIX application's ability to impersonate the owner
of the program. A common scenario on UNIX systems, this option lets
users who wouldn't ordinarily have access to databases or files run an
application as the owner of the resource and gain access controlled by
the application. Whenever possible, you should disable this option.

The third option is whether to switch Windows to case-sensitive
behavior. By default, Windows is not case sensitive—for example, you
can access a file called README.TXT by opening readme.txt. By making
Windows case sensitive, you can allow multiple files in the same folder
whose names differ only by their case, such as README.TXT, Readme.Txt,
and readme.txt. A hacker with sufficient knowledge of how files are
accessed can exploit this behavior. I recommend that you do not make
Windows case sensitive and instead tackle case-sensitivity issues when
porting applications. You can read details of the security implications
of these choices in the Install.htm file in C:\Windows\SUA.


Explore SUA 

After you install the utilities and SDK for the 
subsystem, additional items join the SUA 
program group, including (depending on 
installation options) a C shell, a 
Korn shell, release notes, and a 
link to check for critical updates. 

The simplest way to explore the 
subsystem is to launch one of 
the installed shells. From there 
you can explore the subsystem's 
file system by using the UNIX cd 
and ls commands, which Figure 3 shows.

The root of the file system is mapped to the SUA installation
directory, shown in Figure 4, page 42. To break out of the file system
and access Windows local and network drives, you use the file system
devices under /dev/fs. For example, /dev/fs/C accesses the root of the
C drive, /dev/fs/Z accesses a mapped network drive mounted as drive Z,
and /dev/fs/C/Windows accesses the Windows folder.

When using the cd command or supplying paths to commands, remember to
use UNIX's forward slash (/) instead of the Windows backslash (\).
Exploring common locations for executable files such as /bin, /usr/bin
(which is a symbolic link to /bin), /usr/local/bin, and /usr/sbin
reveals many command-line utilities that UNIX users will understand
(e.g., cp, rm, mkdir, find, size, join, sort). In other directories you
can find support for the X Windows subsystem, sendmail, and network
services, aka daemons. I describe daemons later.

You can examine running subsystem processes by using the ps command. On
its own, the ps command returns only the processes run by the user and
launched from the shell. If you're using multiple shells or want to
view both subsystem and Windows processes that are running, you can use
the ps command with the -x option (for information about all processes
that belong to a user) or the -A option (for information about all
processes on the system).
Figure 1: Windows features dialog box
Figure 2: Security settings
Figure 3: C shell commands
Figure 4: SUA installation directory
Figure 5: Korn shell features

To learn about the options supported 
for each command in the subsystem, you 
can use the man command in a shell. The 
shells themselves are rich in features, and 
you can use them just as you would on a 
UNIX system. Figure 5 shows an interactive 
Korn shell script being used to unpack the 
zipped and tar'ed XFree86 UNIX distribution, 
which comes in several files. The Korn shell 
is a UNIX command-line interpreter like cmd.exe
in Windows, but is much more flexible.
Tar is a command that you can use to create 
archives of files and extract files from existing 
archives. It used to be a common means of 
backing up files to or restoring files from tape, 
but is now a utility most commonly used to 
create software distributions consisting of 
many files. 

SUA Startup, Daemons, and Network Services

When Vista starts, so does the UNIX subsystem. Like UNIX, the subsystem
has an init process that reads startup files from the /etc/rc2.d
folder, which contains symbolic links to files in the /etc/init.d
directory. On a UNIX system, you would ordinarily have additional
folders, such as rc3.d and rc4.d, representing each runlevel and state
the system could be in, such as single-user, no network connectivity,
or fully up and running. Unlike UNIX, SUA operates only at runlevel 2.
The names of the scripts in rc2.d begin either with Snn (for scripts
called at startup) or Knn (for scripts called at shutdown), where nn is
a two-digit number that's used to control the order in which the script
is called. A script that ends in 00 is called first; one that ends in
99 is called last. This support for daemon startup and shutdown makes
it easy to port daemons to Windows Vista.

The subsystem provides support for services launched by inetd (a
service dispatcher that manages Internet services), such as Telnet,
FTP, and TFTP servers. SUA supports both IPv4 and IPv6. To enable a
network service, edit the /etc/inetd.conf file to uncomment a standard
service or to add your own. If you have an existing UNIX network
service launched by inetd, SUA should be able to support the service
after you port it.
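
To review what a ported system starts and which inetd services are switched on, the script below lists the rc2.d scripts in call order and reports uncommented inetd.conf entries that are not on an approved list. It is an added example, not SUA's own tooling; the function names, sample script names and service entries are constructed, and the standard inetd.conf column layout is an assumption.

```shell
#!/bin/sh
# Added example: inventory of what the subsystem starts and which inetd
# services are active. Assumes the rc2.d naming described above and the
# standard inetd.conf columns:
#   service  socket-type  protocol  wait|nowait  user  program  [arguments]

# rc_order DIR S|K : names of the startup (S) or shutdown (K) scripts in DIR,
# in the order they are called (two-digit number, lowest first).
rc_order() {
    for path in "$1"/"$2"[0-9][0-9]*; do
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "${path##*/}"
        fi
    done | LC_ALL=C sort
}

# inetd_enabled FILE : "service protocol program" for every active entry.
# Lines starting with # are disabled services and are skipped.
inetd_enabled() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF >= 6 { print $1, $3, $6 }
    ' "$1"
}

# inetd_unexpected FILE APPROVED... : active services that are missing from
# the approved list given as the remaining arguments.
inetd_unexpected() {
    conf=$1
    shift
    inetd_enabled "$conf" | while read -r svc proto prog; do
        case " $* " in
            *" $svc "*) ;;
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

# Constructed sample: a temporary directory holding rc2.d entries and an
# inetd.conf. Prints the directory path; the caller removes it.
make_sample_etc() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/rc2.d"
    for name in S99local K80inet S20inet S05logger; do
        : > "$dir/rc2.d/$name"
    done
    cat > "$dir/inetd.conf" <<'EOF'
# constructed sample entries
#ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd      in.ftpd
telnet   stream  tcp  nowait  root  /usr/sbin/in.telnetd   in.telnetd
#tftp    dgram   udp  wait    root  /usr/sbin/in.tftpd     in.tftpd
orderd   stream  tcp  nowait  root  /usr/local/bin/orderd  orderd
EOF
    printf '%s\n' "$dir"
}

# Demo: startup order, then services enabled beyond the one that was ported.
etc=$(make_sample_etc)
rc_order "$etc/rc2.d" S
inetd_unexpected "$etc/inetd.conf" orderd
rm -rf "$etc"
```

On a real installation, point the functions at /etc/rc2.d and /etc/inetd.conf from a subsystem shell and pass the services you intended to enable as the approved list.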

X Windows Support 

As I mentioned earlier, SUA supports X Windows. However, the subsystem
doesn't include an X server—you need to purchase and install either a
commercial X server, such as Exceed from Hummingbird
(www.hummingbird.com), or a low-cost or free X server, such as
SourceForge.net's Xming (www.sourceforge.net).

With an X server installed and running, you can operate the X Windows
programs that ship with the subsystem, including such favorites as
xeyes (a graphical program that displays two googly eyes that follow
your cursor), a system clock called xclock, and xterm (the standard
terminal emulator for X Windows). The subsystem ships with one X
Windows manager: twm. In addition, SUA's support for X Windows includes
the header files and libraries necessary to build X Windows
applications.

Port Shell Scripts 

With fully functional C and Korn shells along with the usual crop of
data-crunching tools such as sort, uniq, and col, porting most shell
scripts should be relatively easy. Good candidates are scripts that
transform data files—for example, sorting or merging them, removing
duplicates, or filtering out selected columns before they are loaded
into or after they are retrieved from a database—and a script that uses
FTP to send or receive data files. The FTP client and server that come
with the subsystem are more functional than their Windows counterparts.
Many organizations still rely on FTP to move vast amounts of data and
depend on UNIX systems for additional features and scriptable FTP
clients.

Build C and C++ Applications

SUA includes support for porting UNIX C and C++ applications, but you
need to know a few things. The subsystem comes with support for the GNU
C and C++ compilers. However, the default is to use compiler interfaces
to Microsoft Visual Studio, which must be installed. Visual Studio can
be used to compile only applications that are written in C—not in C++.
Figure 6 shows the contents of a Makefile—a very simple C file—and an
example of what happens when you run the make command.

If you don't have Visual Studio and you need to compile C++ source code
or simply prefer to use the GNU compilers, you can do so by explicitly
calling gcc or g++. When you use the GNU compilers, you have to be
careful which file extensions you employ. For example, a C++ source
code file in Windows usually has a .cpp file extension, but the g++
compiler expects C++ source code files to have a .cc file extension. If
your file has the wrong extension, you might encounter apparently
random errors, especially on 64-bit hardware platforms. I recommend
that you check SUA's Help files and release notes; these documents
contain useful information that can help you avoid some pitfalls.

In the /usr/examples directory, you'll find sample source code that
demonstrates how to use the Oracle Call Interface (APIs for using an
Oracle database) and ODBC APIs. The sample code included shows you how
to use the Open Network Computing remote procedure call client to make
calls to remote systems.

In porting packaged applications to 
SUA, you might come across configure shell 
scripts, which you can use to analyze your 
system and create the makefiles necessary to 
build applications. Older configure scripts— 
specifically config.guess and config.sub— 
don't work well with the subsystem, and I 
recommend that you download the latest 
versions of these scripts from ftp.gnu.org 
before porting the applications. 

When porting or building X Windows applications, make sure that the
necessary prerequisites are installed and available. Many X Windows
applications use third-party add-ons or fonts that you must build or
install first. Most mainstream packages should port relatively easily,
especially if you use the GNU compilers.

An Alternative 

Now that I've introduced you to the Subsystem for UNIX-based
Applications that ships with Server 2008 and Vista, you should have a
good handle on some of the subsystem's major features. This subsystem
provides a feasible alternative to UNIX systems for many enterprises,
letting them eliminate legacy dedicated UNIX systems by migrating
applications to Server 2008 or Vista. The subsystem's feature-rich
shells, file manipulation tools, easy daemon startup, and networking
support can actually make it easier to develop and run some scripts and
utilities in SUA than in a native Windows environment, while still
enabling organizations to benefit from the many features of the Windows
platform.
Secure Active Directory with XML-Based Templates

Changes to Group Policy admin templates boost security

by Russell Smith

Even if you're not planning to upgrade to Windows Vista anytime soon, your IT department
might use Vista for systems administration. If so, you can take advantage of the improvements
Microsoft made to Vista's Group Policy administrative templates. Vista's .admx files
(Microsoft's new XML-based format for administrative templates) function differently than
previous OSs' administrative templates.

Group Policy administrative templates, or .adm files, define the registry-based
settings that are displayed in the Group Policy Object Editor. The templates are divided into two
sections that define computer settings and user settings. These settings appear under the Administrative
Templates nodes in the Group Policy Object Editor. You can create your own administrative templates to
control registry settings with Group Policy, and add them to a Group Policy Object (GPO) by right-clicking
Administrative Templates in the Group Policy Object Editor and clicking Add/Remove Templates.

In Windows Server 2008, Group Policy Preferences
eliminate the need to create custom administrative
templates or scripts to manipulate the registry.

A New XML Format for Vista and Server 2008

The .adm file format hails from the days of Windows 
NT Server system policies. Vista's and Server 2008's 
.admx files are based (as are other XML-formatted 
files) on a documented schema—which makes it 
easier to modify the files and develop applications 
that can work with the new format. Files in .adm 
format contain a section where strings are defined 
for use by the Group Policy Object Editor. The .admx 
format places that strings section into a separate .adml 
file, so you don't need to create a new .admx file for 
systems that use a different language. 

Centralize Storage for Improved Integrity 

In Windows 2000 and Windows Server 2003 domains,
.adm files are stored locally on domain-joined
machines and in Group Policy Templates (GPTs),
which are located in the Sysvol directory on domain
controllers (DCs). Every GPO consists of a GPT;
thus multiple copies of .adm files are replicated to
every DC. Versioning of .adm files is controlled by
comparing the time and date stamps of the local and GPT copies of the
file. If the local .adm file is newer than the GPT version, the local
copy is uploaded to the Sysvol directory and replicated.

This behavior can lead to integrity problems if a local .adm file is
corrupt, or to a security problem if someone maliciously modifies an
.adm file. You can prevent local copies of .adm files from being
uploaded to DCs—and force the use of local .adm files—by enabling the
Always use local .adm files for Group Policy editor Group Policy
setting under Computer Configuration\Administrative
Templates\System\Group Policy. However, this means that .adm files
across all administrative workstations need to be kept in sync.

Although .adm files can't be stored centrally, .admx files can be
stored centrally in a Win2K or Server 2003 domain and replicated
between DCs. Once the store is created, to avoid automatic uploading of
.adm files to the Sysvol directory, you should only use Vista or Server
2008 to administer GPOs. The process is optional; however, it's
necessary in Server 2008 domains if you want to use a central store.
You should perform the following steps in a test environment only—they
enable a preference setting in a GPO that can't be rolled back by
unlinking the GPO.

1. Open Windows Explorer and enter the Universal Naming Convention
(UNC) \\DomainName.com\sysvol\DomainName.com\policies in the address
bar, then create a new folder called PolicyDefinitions, as Figure 1
shows.

2. Update Vista or Server 2008 with the latest service pack and
patches.

3. Copy the contents of the PolicyDefinitions folder (located in the
Windows directory), including the EN-US subfolder, to the new
PolicyDefinitions folder on the server.

Vista and Server 2008's Group Policy tools check for a
PolicyDefinitions folder, so any new GPOs that are created and edited
exclusively on Vista or Server 2008 and joined to a Win2K or Server
2003 domain where this folder is present will have a GPT without an ADM
folder. Figure 2 shows the Administrative Templates node in the Group
Policy Management Editor where a central store for .admx files has been
detected. To add an .admx template to the central store, you must copy
the file directly to the PolicyDefinitions folder on a DC. Once the
store has been created, you can secure the administrative templates in
the store and the GPOs separately. You can still right-click the
Administrative Templates node in the Group Policy Management Editor and
add an .adm template, which will appear under the Classic
Administrative Templates (ADM) node, but you should avoid this by
converting .adm files to .admx format.

Figure 1: PolicyDefinitions folder
Figure 2: The Administrative Templates node
Figure 3: Conversion Results dialog box
Figure 4: Creating a new category in a custom .admx file

Migrating to the .admx Format 


If you want to take full advantage of the central store, you can
convert your .adm files to the new format, delete the old .adm
templates from each GPT on the server, and upload the converted .admx
files to the central store. To convert .adm files to .admx, you'll need
to download the free ADMX Migrator tool from
www.microsoft.com/downloads/details.aspx?familyid=0f1eec3d-10c4-4b5f-9625-97c2f731090c.
Install the tool on an admin workstation and follow these instructions
to convert each .adm file to .admx:

1. Open ADMX Editor by selecting All Programs, FullArmor, FullArmor
ADMX Migrator from the Start menu.

2. In the left-hand pane, right-click ADMX Editor and select Generate
ADMX from ADM on the menu.

3. Select the .adm file you want to convert and click Open.

4. The conversion process will take a few seconds and you'll be
presented with a summary of any errors that were encountered in the
Conversion Results dialog box that Figure 3, page 46, shows. Click
Close.

5. You'll then be given the opportunity to load the new .admx file into
the editor. Click Yes. The new template will now appear in the central
pane in the Template box.

6. Double-click ADMX Templates under ADMX Editor in the left-hand pane,
right-click the template, and select Save As from the menu to save a
copy of the new template in a convenient temporary location.

As Figure 3 shows, the most common error reported during conversion is
the absence of a SupportedOn value. This value refers to the OS on
which the policy setting is supported. You can safely ignore the
errors, or edit the original .adm file and add a value under the Policy
entry for the appropriate setting as follows:

POLICY !!L_MRU4Policy
  SUPPORTED !!L_MRU4PolicySupport

You also need to add the necessary text at 
the end of the [Strings] section: 

L_MRU4PolicySupport="Office 2007 or 
later" 

Once you've gone through this process for 
all .adm files that are used to define settings 
in your GPOs, you should back up the Sysvol 
directory, then delete the ADM folder in 
each GPT. 

If you still use Win2K or Windows XP on
the network to administer Active Directory
(AD), you can prevent classic ADM templates
from being automatically uploaded to DCs by
configuring the Turn off Automatic Updates of
.adm files setting. To find that setting,
select User Configuration, Administrative
Templates, System, Group Policy. You can apply
the policy to all users, or target the policy
for users who have privileges to create or
edit GPOs.

Creating Custom ADMX Files 

Despite being slow and not particularly
intuitive, the ADMX Editor lets you create and
edit .admx files. You might want to create
your own template to configure registry-based
controls that have no out-of-the-box GPO
setting. In the following example, we'll create
a custom .admx file that lets us enable or
disable TCP/IP SYN attack protection in GPOE.
The registry value SynAttackProtect, which can
be set to 0 or 1 (disabled or enabled), is
located in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
registry subkey. For information about
hardening the TCP/IP stack, visit
msdn2.microsoft.com/en-us/library/aa302363.aspx.

Figure 5: Creating a new policy setting in a custom .admx file

Figure 6: Enabling value items

1. Right-click ADMX Templates in the 
left-hand ADMX Editor pane and select 
New Template from the menu. Name it 
Securityharden, and click OK. 

2. Expand the ADMX Templates node, 
right-click the Securityharden template, 
and select New Category from the menu. 

3. In the New Category dialog box,
double-click the empty box opposite Display
Name in the table and enter Security
Hardening, as shown in Figure 4, and
click OK.

4. The Security Hardening category 
will now appear under the template node 
in the left-hand pane. Right-click Security 
Hardening and select New Policy Setting 
from the menu. 

5. Complete the table by entering the 
values shown in Figure 5 for Display Name, 
Registry Key, and Registry Value Name, 
and click OK. 

6. Select Security Hardening in the left- 
hand pane, then select SynAttackProtect 
under Setting in the center pane. Select the 
Value Lists tab. 

7. Right-click anywhere in the Enabled 
Items table and select New Value Item from 
the menu. In the Value Item dialog box, 
complete the table as shown in Figure 6 and 
click OK. 

8. Do the same for the Disabled Items
table, but change the Value field to 0.
Figure 7, page 50, shows the completed Value
Lists tab.

9. Right-click the Securityharden node
in the left-hand pane and select Save As
from the menu. In the Save Template As dialog
box, enter a suitable path and name (e.g.,
securityharden.admx) for the new .admx file,
as Figure 8 shows, and click Save. This will
save the .admx file and .adml file, but place
the .adml file in a separate folder called
en-GB.

SECURE ACTIVE DIRECTORY

Figure 7: The completed Value Lists tab

Figure 8: Saving a new template

For the new settings to appear in GPOE,
you need to copy the securityharden.admx
file to the PolicyDefinitions folder in
SYSVOL, and the corresponding .adml file to the
en-US subfolder. Then you need to create a
new GPO, enable SYN attack protection, and
link the policy in AD:

1. Open the Group Policy Management 
Console (GPMC) from Administrative 
Tools on the Start menu. 

2. Expand the forest node, and drill 
down to the Group Policy Objects node 
for your domain. Right-click Group Policy 
Objects and select New from the menu. 
Give the policy a name and click OK. 

3. Expand Computer Configuration, 
then click Administrative Templates, and 
you'll see a new category called Security 
Hardening. 

4. Double-click SynAttackProtect under 
Setting in the right-hand pane of GPOE 
and you'll be able to enable or disable the 
setting, as Figure 9 shows. 

5. The red no-entry sign you see in
Figure 9 identifies this setting as a
Preference; therefore you can't roll it back
by simply unlinking the policy in GPMC. Select
Enabled and click OK. Close GPOE.

6. In GPMC, link the new GPO to an
Organizational Unit (OU) that contains the
machines to which you want to apply the
policy, and run gpupdate /force on one of the
computers targeted by the GPO.

7. Use regedit to check that the
SynAttackProtect value has been added to the
registry with the correct parameter, as
Figure 10 shows.
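
As an added example (not part of the original article or of ADMX Migrator), the PowerShell below parses an .admx file, lists every registry value each policy writes, and flags values outside the Policies keys, which is why the setting in step 5 persists after the GPO is unlinked; a second function repeats step 7's registry check. The sample template, its namespace and string IDs, the second policy, and both function names are assumptions constructed for illustration.

```powershell
# Constructed sample: a minimal .admx approximating the Securityharden template built
# above, plus one policy under Software\Policies for contrast. The namespace, string
# IDs, supportedOn name and the second policy are assumptions, not the article's.
$sampleAdmx = @'
<?xml version="1.0" encoding="utf-8"?>
<policyDefinitions revision="1.0" schemaVersion="1.0"
    xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <policyNamespaces>
    <target prefix="securityharden" namespace="Example.Policies.Securityharden" />
  </policyNamespaces>
  <resources minRequiredRevision="1.0" />
  <supportedOn>
    <definitions>
      <definition name="SUPPORTED_Example" displayName="$(string.SUPPORTED_Example)" />
    </definitions>
  </supportedOn>
  <categories>
    <category name="SecurityHardening" displayName="$(string.SecurityHardening)" />
  </categories>
  <policies>
    <policy name="SynAttackProtect" class="Machine" displayName="$(string.SynAttackProtect)"
            key="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters">
      <parentCategory ref="SecurityHardening" />
      <supportedOn ref="securityharden:SUPPORTED_Example" />
      <enabledList>
        <item key="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" valueName="SynAttackProtect">
          <value><decimal value="1" /></value>
        </item>
      </enabledList>
      <disabledList>
        <item key="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" valueName="SynAttackProtect">
          <value><decimal value="0" /></value>
        </item>
      </disabledList>
    </policy>
    <policy name="ExampleManagedSetting" class="Machine" displayName="$(string.ExampleManagedSetting)"
            key="Software\Policies\Example\Hardening" valueName="ExampleSetting">
      <parentCategory ref="SecurityHardening" />
      <supportedOn ref="securityharden:SUPPORTED_Example" />
      <enabledValue><decimal value="1" /></enabledValue>
      <disabledValue><decimal value="0" /></disabledValue>
    </policy>
  </policies>
</policyDefinitions>
'@

function Get-AdmxRegistryTarget {
    param([Parameter(Mandatory = $true)][xml]$Admx)
    # Registry trees Group Policy treats as true policy locations (under HKLM or HKCU).
    # Values written anywhere else stay behind when the GPO is unlinked.
    $managed = '^Software\\(Policies|Microsoft\\Windows\\CurrentVersion\\Policies)(\\|$)'
    # local-name() keeps the XPath independent of the namespace URI the file declares.
    foreach ($policy in $Admx.SelectNodes("//*[local-name()='policy']")) {
        foreach ($state in 'enabled', 'disabled') {
            $writes = @()
            # Single-value form: uses the policy's own key and valueName.
            $single = $policy.SelectSingleNode("*[local-name()='${state}Value']/*")
            if ($single) {
                $writes += @{ Key = $policy.GetAttribute('key'); Name = $policy.GetAttribute('valueName'); Data = $single }
            }
            # List form (the editor's Value Lists tab): each item names its own value.
            foreach ($item in $policy.SelectNodes("*[local-name()='${state}List']/*[local-name()='item']")) {
                $writes += @{ Key = $item.GetAttribute('key'); Name = $item.GetAttribute('valueName')
                              Data = $item.SelectSingleNode("*[local-name()='value']/*") }
            }
            foreach ($w in $writes) {
                $key = if ($w.Key) { $w.Key } else { $policy.GetAttribute('key') }
                [pscustomobject]@{
                    Policy    = $policy.GetAttribute('name')
                    Class     = $policy.GetAttribute('class')
                    State     = $state
                    Key       = $key
                    ValueName = $w.Name
                    Data      = if ($w.Data.LocalName -eq 'decimal') { $w.Data.GetAttribute('value') } else { $w.Data.InnerText }
                    Managed   = $key -match $managed
                }
            }
        }
    }
}

# Step 7's regedit check as a query (Windows only): compare the live HKLM value
# with the data the template writes when the setting is Enabled.
function Test-AdmxTargetApplied {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Target)
    process {
        if ($Target.State -ne 'enabled' -or $Target.Class -eq 'User') { return }
        $props = Get-ItemProperty -Path "HKLM:\$($Target.Key)" -Name $Target.ValueName -ErrorAction SilentlyContinue
        $live  = if ($props) { $props.($Target.ValueName) }
        [pscustomobject]@{ Key = $Target.Key; ValueName = $Target.ValueName; Expected = $Target.Data
                           Live = $live; Applied = ("$live" -eq $Target.Data) }
    }
}

$report = Get-AdmxRegistryTarget -Admx $sampleAdmx
$report | Format-Table Policy, State, Key, ValueName, Data, Managed -AutoSize
# Settings that behave as preferences and need an explicit Disabled rollout to undo.
$report | Where-Object { -not $_.Managed } | Select-Object Policy, Key, ValueName -Unique
# Run on a computer targeted by the GPO after gpupdate /force.
$report | Test-AdmxTargetApplied | Format-Table -AutoSize
```

To audit a real template, pass the file's text instead of the sample, for example `Get-AdmxRegistryTarget -Admx (Get-Content .\securityharden.admx -Raw)`.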

Pros and Cons 

The real security advantage of the .admx
format is its ability to use a central store,
but there are other gains, such as reducing
the size of SYSVOL and reducing the amount of
data that needs to be replicated between DCs.
ADMX Migrator is a little slow and buggy, so
if you're familiar with XML, you might prefer
to "raw" edit the files, using an XML editor.
Before creating or editing an .admx file, you
should consider whether you need to allow the
registry-based setting to be enabled or
disabled from within GPOE, or whether you can
import the setting preconfigured into a GPO
using a Security Configuration Editor (SCE)
template (i.e., .inf file). If you have Server
2008 DCs, a GPP is likely to be the preferred
method for manipulating the registry. Think
ahead about what you're trying to achieve, and
which method will attain the goal with the
lowest administrative cost.

Figure 9: Enabling SYN attack protection

InstantDoc ID 99709 


Russell Smith
(rms45@rsitc.com) is an independent IT
consultant. He has been working in IT since
2000, specializing in security and systems
management.
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Figure 10: Verifying that SynAttackProtect is active 
Using SharePoint for Extranets


I recently finished an extranet system
implementation using Windows SharePoint
Services (WSS) 3.0. In this overview of my
experiences and guidance, I outline the
benefits of using SharePoint for your extranet
solution, describe extranet topology and
taxonomy, explain the available authentication
methods, and offer recommendations for
extranets that span several disciplines.

Extranets 

An extranet is a network typically used to 
exchange information between someone 
in your company and a client, customer, 
or business partner. It's an extension of a 
company's intranet, but not as public as its 
public website. Because of this, a company 
most likely has multiple extranets—one for 
each client, customer, or partner. 

When designing an extranet solution,
you usually work from a similar set of
requirements. An example of a prioritized list
of requirements might include the following:

• Security 
• Ease of use 

• Document management 
• Searching 
• Change notification 
• Lists (calendar of events, contacts, tasks or 
other custom data) 

Ten years ago, a company that wanted an
extranet solution would need to build one
from scratch or hire a consultant to customize
a product that did something similar to
what the company required. Since then,
extranets have become so popular that
hosted extranet solutions have emerged to
satisfy the demand.

During the past few years, SharePoint has
emerged as one of the top extranet solutions
that companies are considering. SharePoint
is not only a collaboration website, but a
framework that developers can use to build
entire applications. Out of the box, SharePoint
includes document management, search,
change notification, and list functionality
while maintaining a high ease of use through
its UI customization options. To finish out
our requirements list, all SharePoint content
is stored within a SQL Server database, so
security can be well-controlled.

Although I used WSS 3.0 for my extranet,
you could also use Microsoft Office SharePoint
Server (MOSS) 2007. For a discussion about
which platform is best suited for your
situation, see the sidebar "SharePoint
Extranets: WSS or MOSS?" on page 54.


An easier way to 
share information 
outside your 
network 
SharePoint Extranets: WSS or MOSS?

When you use SharePoint to set up an extranet,
you first need to decide whether to use
Windows SharePoint Services (WSS) 3.0 or
Microsoft Office SharePoint Server (MOSS)
2007. If WSS will adequately fulfill your
specific requirements (in my case, security,
ease of use, document management, search,
change notification, lists), then it would be
the logical choice. If you need functionality
that WSS doesn't provide, then you'll want to
use MOSS.

For example, in WSS, search is merely
a service for indexing a content database.
MOSS search can index a variety of sources,
which would allow external users to search
across multiple site collections (extranets).
If this is a must-have requirement for your
external users, you should consider MOSS.
However, if your internal users are the only
ones with a need for this functionality,
consider deploying MOSS on your intranet
instead of on your extranet, and then point
the search index crawler to your extranet's
site collections.

Although WSS is less expensive to
license than MOSS, this initial expense likely
doesn't represent the bulk of your licensing
costs. SharePoint can be deployed in such a
variety of ways that licensing of all involved
servers becomes quite complicated. For the
purposes of an extranet, you might also need
to purchase an external connector license.
Ultimately, you might have to discuss these
details with a Microsoft licensing
representative. To get a head start on your
licensing research, read the Office&SharePoint
Pro.com articles "Licensing Windows
SharePoint Services for the Extranets"
(www.officesharepointpro.com/content/1924/License-to-Fill—Licensing-Windows-SharePoint-Services-for-the-Extranet-.aspx)
and "Licensing Windows SharePoint Services"
(www.officesharepointpro.com/content/1925/Licensing-Windows-SharePoint-Services-.aspx).

InstantDoc ID 99651 


Extranet Topology 

Because SharePoint is an ASP.NET 2.0 web 
application, it supports any external-facing 
topology that web applications support. 
The best practice is to host SharePoint 
within the demilitarized zone (DMZ) and 
use Microsoft ISA Server as an application- 
level firewall. For more details about the 
different topologies and architectures, read 
Microsoft's extranet topology guidance at
technet.microsoft.com/en-us/library/cc263513.aspx.

Extranet Taxonomy 

At the highest level, SharePoint organizes
itself as a collection of web applications.
A web application can have multiple site
collections that each contain multiple sites.
Because of the time it takes for configuration,
you don't create a new web application in
SharePoint each time you need to provision an
extranet. Therefore, the SharePoint object
that best maps to an extranet is a site
collection. A single web application can
contain as many as 50,000 site collections
before performance begins to degrade. Figure 1
shows an example of a basic taxonomy.

SharePoint organizes information in site
collections into a set of content databases.
See the web-exclusive sidebar "Content
Databases for Extranets" (www.windowsitpro.com,
InstantDoc ID 99654) for more information and
recommendations regarding content databases.


Authentication 

When determining how to authenticate
users in SharePoint, you have more options
in WSS 3.0 than ever before, thanks mostly
to ASP.NET 2.0's membership provider API.
Each web application supports as many
as five different authentication methods
(or providers) through the use of a feature
called zones. Each time a new authentication
provider is added to a web application,
a new website is created for that zone in
Microsoft IIS. Table 1 lists the zones for an
extranet web application. Even though the
site address is different between zones,
SharePoint will resolve both requests to the
same web application.

SharePoint also allows port numbers for 
zone identification, as Table 2 shows, but this 
is not typically recommended for extranets 
since firewalls usually only allow web traffic 
ports such as 80 and 443. Also, some features 
of SharePoint might not behave as intended 
on a custom port over the internet. 

Web Figure 1 (www.windowsitpro.com,
InstantDoc ID 99650) shows the Zone name
options displayed on the Extend an Existing
Web Application page. Zone names suggest a
specific usage, but it's only for administrative
convenience. When extending an existing
web application to a new zone, the name you
choose doesn't matter.

You have three options for web
authentication: Windows, ASP.NET Forms, or web
single sign-on (SSO). The following discussion
outlines these authentication types to
help you determine which one is best for
your specific requirements.

Figure 1: Extranet taxonomy example

Table 1: Zone List for an Extranet Web Application

Zone     | Site address
Default  | http://extranet
Extranet | http://extranet.company.com

Table 2: Zone List Using Port Numbers

Zone     | URL
Default  | http://extranet.company.com
Extranet | http://extranet.company.com:8102

Windows authentication. In WSS 2.0,
Windows authentication was the only
authentication option. Even though the
authentication system has been drastically
improved in WSS 3.0, Windows authentication
is still the only choice that offers all
SharePoint features and enhanced client
integration out of the box. Although features
such as support for WWW Distributed
Authoring and Versioning (WebDAV) and
Microsoft Office integration might not be
your highest priority, they're very convenient
in some circumstances.

In organizations that use Active Directory
(AD), Windows authentication is the
most popular choice for internal users. It
allows them to access extranets without
having to sign in if they use their browser's
integrated Windows authentication feature.
In Microsoft Internet Explorer (IE), you
can configure this feature by including the
address in the Local Intranet sites list.

ASP.NET forms-based authentication.
Historically, users behind proxy servers
have had difficulty accessing a website that
requires Windows authentication. Therefore,
one of the authentication options in
WSS 3.0 is ASP.NET Forms, or forms-based
authentication (FBA). FBA is the same
authentication provider model included
with ASP.NET 2.0. It presents the user with
a web page (form) containing a text box for
the username and password. FBA is extensible,
letting you use any authentication and
authorization method you require, provided
you write a custom provider. Because writing
an authentication provider is time consuming
and a major project in itself, some providers
are offered out of the box. ASP.NET
includes a provider for SQL Server databases,
and MOSS adds one for LDAP (such
as AD or Active Directory Application
Mode—ADAM). If you plan to use ADAM with WSS,
you should consider using the External
Collaboration Toolkit solution accelerator,
which includes a provider for ADAM. You can
download the toolkit at
www.microsoft.com/downloads/details.aspx?FamilyId=D9AF2C25-989C-45C4-8008-1F15722190ED&displaylang=en.
FBA does have some caveats, however. See the
sidebar "FBA: the Downside" to find out what
you should know before selecting FBA as your
authentication method.

Web SSO authentication. Web SSO
authentication involves setting up a domain
trust over the Internet with another company,
such as a business partner. This
method uses Active Directory Federation
Services (ADFS), but it can also accept SAML
1.1 tokens from other identity management
systems that implement the WS-Federation
specification. By trusting an organization
through Web SSO, you can leave the tasks
of provisioning and deactivating accounts
to your Web SSO partners.

Zone Address Consolidation 

Most extranet zone configurations in the
documentation and articles I've read appear
similar to those in Table 1. The assumption
about this configuration is that you'll
authenticate internal users using Windows via
an intranet-like address and authenticate
external users using FBA via an Internet-like
address. This configuration can create
confusion for users, both internal and
external, during collaboration. It would be
more intuitive to have a single website
address for both internal and external users.
However, SharePoint doesn't offer an easy way
to configure multiple zones that use the same
host header. To set this up, you'll need to
use IIS.

IIS won't host two websites with the
same host name on the same port unless
the sites are bound to different IP
addresses. To enable this behavior for
SharePoint, first assign multiple IP addresses
to your web server. Then, open each website
and assign it to a different IP address.

SharePoint doesn't provide an option
to specify an IP address when creating or
extending a web application. The workaround
is to enter a random port number along with
the common host name on the Extend an
Existing Web Application page. After the site
is created, change the port back to 80 and set
up your IP address binding.

FBA: the Downside

ASP.NET forms-based authentication
(FBA) is currently a popular choice for
extranet solutions in SharePoint. However,
implementing FBA isn't one of the more
pleasant experiences in SharePoint. It
requires hand-editing the web.config file
and doesn't have much of a UI in the Central
Administration console for configuration.
Furthermore, rich client integration
features are affected a bit. In Central
Administration, when you assign your
web application to use an FBA provider,
the Enable Client Integration check box
is cleared by default. This is SharePoint's
way of warning you about some future
potential problems. If client integration is
turned on for FBA, Microsoft claims that
most Office integration features should
work, but that they need to be thoroughly
tested first. You can find FBA client
integration workarounds and tricks on
the web, and some are even hosted on
CodePlex, but Microsoft doesn't support
them. Finally, keep in mind that using FBA
requires purchasing an external connector
license, which will increase the total
solution cost. My general recommendation
regarding FBA is to try to avoid it
if possible, or follow the advice in the
MSDN article "Forms Authentication in
SharePoint Products and Technologies
(Part 1): Introduction" at
msdn.microsoft.com/en-us/library/bb975136.aspx,
which states, "Before using forms
authentication, determine why to use forms
authentication in the first place: What is the
business driver?"

SSL

The ability of Secure Sockets Layer (SSL)
to protect sensitive data over the Internet
makes it a must-have for extranets. Ideally,
an SSL connection should be forced for
external users, but for performance reasons,
optional for users already logged on to the
local network. To make sure SharePoint
will serve up requests for an SSL-protected
site, you need to create an HTTP Secure
(https) alternate access mapping (AAM)
entry. Setting up an SSL certificate in IIS for
a SharePoint website is no different than for
any other IIS website.

Figure 2: Requiring SSL for a website in IIS

Now that I've made my case for consolidated
zone addressing, how would this
work with SSL? Let's imagine a hypothetical
collaboration case. An internal employee
accesses the extranet from within the company
via Windows authentication without
SSL. The employee creates a document
and emails an external user a shortcut to
the document. Because the internal user
isn't required to use SSL, the link might
look like this:
http://extranet.company.com/sites/xyzco/documents/docl.doc.
Because the external user can't access the
website without an encrypted (i.e., SSL)
connection to the web server, clicking this
link would return an error message. The web
server intercepts the error and tries to
correct the link by changing its prefix to
https instead of http (e.g.,
https://extranet.company.com/sites/xyzco/documents/docl.doc).
The request is then processed, and the
document is downloaded. You can implement
this automatic redirection for SharePoint by
taking the following steps in IIS:

1. Right-click the website and choose
Properties. Click the Directory Security tab.
Click Edit under the Secure Communications
section and select the Require secure
channel (SSL) check box as Figure 2 shows.
This will reject non-encrypted traffic and
provide an HTTP 403.4 (Forbidden. SSL
required) error message.

2. Replace IIS's 403-4 error page with one
that redirects all "http" requests to "https".
One way to do this is to add the following
JavaScript code to the 403-4.htm error page:

// Reload the same host, path and query string over https.
if (location.protocol != 'https:')
    window.location = 'https://'
        + location.host
        + location.pathname
        + location.search;

Alternatively, you could avoid setting up
two zones and simply use Windows
authentication for internal and external users.
This would mean you currently have only
one website in IIS, and this setting would
force internal and external users to use SSL.
Because IIS can't discern whether a user is
internal or external, you'll need to create
another website if you want this behavior.
You'll still need to extend the web application
to another zone even if it uses the same
authentication provider.

To put it all together, consider the extranet
web application's zone configuration
example in Table 3. This configuration uses
three IP addresses on the web server to assign
requests to specific zones. In IIS, the websites
would look like those in Web Figure 2.

The only remaining challenge is to
make sure the right IP address is used for
each website. Because your company manages
its DNS, you can assign the extranet's
site address to the IP address that IIS is
using for the internal authentication provider.
Also controlled within your company's
environment is how the external DNS
entry (and external IP address) is mapped
to an internal IP address. (For example, a
firewall translates an external IP address
into a specific internal IP address that's
different from the one your internal DNS
uses.) Finally, business partners that use
Web SSO will need to add a new forward
lookup DNS zone in their environment
to override the default public DNS entry.
Keep in mind that if you plan to provide
multiple externally facing zones that share
the same site address, you'll need a separate
public IP address for each one that
points to your web server.
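
As an added example (not from the original article and not a SharePoint or IIS tool), the PowerShell below checks a planned zone list against the constraints described above: at most five zones, no two zones on the same IP address, port and host header, SSL on every zone except the internal one, and no custom ports. The function name, the `-InternalZone` parameter, the assumption that only the Default zone is reached from the local network, and the second plan are constructed for illustration; the first plan is Table 3.

```powershell
function Test-ZonePlan {
    param(
        [Parameter(Mandatory = $true)][object[]]$Zone,
        # Assumption: only this zone is reached from the local network.
        [string]$InternalZone = 'Default'
    )
    # A web application supports as many as five zones.
    if ($Zone.Count -gt 5) {
        'Plan has {0} zones; a web application supports at most 5.' -f $Zone.Count
    }
    $parsed = foreach ($z in $Zone) {
        $uri = [uri]$z.Url
        [pscustomobject]@{
            Zone = $z.Zone; Provider = $z.Provider; Scheme = $uri.Scheme; Port = $uri.Port
            # IIS tells websites apart by IP address, port and host header.
            Binding = '{0}:{1}:{2}' -f $z.IPAddress, $uri.Port, $uri.Host
        }
    }
    # Two zones may share a host header only if the IP address (or port) differs.
    foreach ($g in @($parsed | Group-Object Binding | Where-Object { $_.Count -gt 1 })) {
        'Binding {0} is claimed by more than one zone: {1}' -f $g.Name,
            (($g.Group | ForEach-Object { $_.Zone }) -join ', ')
    }
    foreach ($p in $parsed) {
        # External users should only ever reach an SSL-protected zone.
        if ($p.Zone -ne $InternalZone -and $p.Scheme -ne 'https') {
            'Zone {0} ({1}) is external-facing but does not use https.' -f $p.Zone, $p.Provider
        }
        # Firewalls usually pass only web ports, so custom ports are a poor zone key.
        if ((80, 443) -notcontains $p.Port) {
            'Zone {0} uses port {1}; firewalls usually allow only 80 and 443.' -f $p.Zone, $p.Port
        }
    }
}

# Table 3 from the article.
$table3 = @(
    [pscustomobject]@{ Zone = 'Default';  Url = 'http://extranet.company.com';  Provider = 'Windows';       IPAddress = '192.168.1.101' }
    [pscustomobject]@{ Zone = 'Extranet'; Url = 'https://extranet.company.com'; Provider = 'ASP.NET Forms'; IPAddress = '192.168.1.102' }
    [pscustomobject]@{ Zone = 'Custom';   Url = 'https://extranet.company.com'; Provider = 'Web SSO';       IPAddress = '192.168.1.103' }
)
# Constructed plan with three mistakes: a shared binding, forms logon without SSL,
# and a zone keyed on a custom port.
$broken = @(
    [pscustomobject]@{ Zone = 'Default';  Url = 'http://extranet.company.com';       Provider = 'Windows';       IPAddress = '192.168.1.101' }
    [pscustomobject]@{ Zone = 'Extranet'; Url = 'http://extranet.company.com';       Provider = 'ASP.NET Forms'; IPAddress = '192.168.1.101' }
    [pscustomobject]@{ Zone = 'Custom';   Url = 'https://extranet.company.com:8102'; Provider = 'Web SSO';       IPAddress = '192.168.1.103' }
)

'Findings for Table 3: {0}' -f @(Test-ZonePlan -Zone $table3).Count
Test-ZonePlan -Zone $broken
```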

Extranets Made Easier 

Extranets are complicated, and what I've
outlined is definitely a simplistic solution
and shouldn't be considered the ideal extranet
solution for every situation. Based on my
experience with SharePoint for this
implementation and seeing what the platform
is capable of, I believe that SharePoint will
continue to grow in popularity and maturity
as an extranet solution.

InstantDoc ID 99650 


Tim Jones 

(me.timjones@gmail.com) is 
a web developer at Bracewell 
& Giuliani. He has specialized 
in database design, extranets, 
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than 10 years. Tim blogs about 
software development at
http://simplyaprogrammer.com.


Table 3: Multiple Zones Sharing the Same Host Header

Zone     | Preferred URL                | Provider      | IP Address
Default  | http://extranet.company.com  | Windows       | 192.168.1.101
Extranet | https://extranet.company.com | ASP.NET Forms | 192.168.1.102
Custom   | https://extranet.company.com | Web SSO       | 192.168.1.103
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WHAT'S CUTTIN© EDGE IN 
THE INDUSTRY 

STEVE RILEY 
MICROSOFT 
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■ Virtualization: Server, Desktop 
& Application 


■ Collaboration St Productivity 

■ Enterprise Security 

■ Infrastructure Optimization 

■ Unified Communications 

■ Systems Management 

■ Cloud Computing 

■ Auditing St Compliance 

■ Business Automation 


70 sessions, panels, workshops, and group discussions. 
IT management and IT professionals work on 
strategy together. 

Network with industry experts, authors, and peers. 
Enjoy one of the most beautiful cities in the world. 


EARLY BIRD BONUS! 

receive a FREE NIGHT at the San Francisco Marriott 
if you register by August 25 th 2008 

(based on a 3-night minimum stay) 



BRING YOUR IT TEAM • REGISTER TODAY! • 800-438-6720 • 203-268-3204 


CONTENT BROUGHT TO YOU BY MICROSOFT, INDUSTRY EXPERTS, TECHNET MAGAZINE, WINDOWS IT PRO MAGAZINE, PENTON, TECH CONFERENCES, INC. 


WWW.ITPROCONNECTIONS.COM 
















CONFERENCE INFORMATION 


CIO • CTO • DIRECTOR • ARCHITECT • ANALYST • CONSULTANT • VISIONARY 



STRATEGIES 

DEFINED 


Over 50 in-depth 
technical sessions, 

30 strategic sessions 
and Panels with 
Microsoft and industry 
experts addressing 
the strategic and 
technical challenges 
facing IT leadership. 

Capped off with 
one-of-a-kind group 
sessions that unify your 
team to align strategy 
and technology. 


Connect with your team and your peers in this 
stellar 3-day conference featuring strategic and 
technical workshops and unique interactive 
sessions with Microsoft and top technical and 
visionary experts. Equip yourself and your team 
to align important new trends and technologies 
to achieve your near- and long-term objectives. 


Gain the INSIGHT you need to 
LEAD THE WAY to an agile enterprise. 


Evaluate virtualization 
solutions from Microsoft, 
VMware, and others 

Ensure compliance with 
external and internal policies 
and regulations 

Architect effective 
collaboration and messaging 

Streamline and secure 
administrative workflows 


Deliver agile and manageable 
IT services 

Build the case for effective 
datacenter consolidation 
and outsourcing 

Calculate the real ROI of 
over-hyped technologies 

And much more! 


In-depth, intelligent, and informed discussions about the trends
and technologies that can disrupt or empower your enterprise with
peers, experts, vendors, and analysts, together.


2 Register Today! Call 800-438-6720 www.ITProConnections.com 
IT PROFESSIONAL • ADMINISTRATOR • ENGINEER • TECHNICIAN • EXPERT


CONFERENCE INFORMATION 


Beyond the hype, behind the scenes. 

IT Connections brings the nation's top experts 
together to dive deep into the platforms 
and products you design, implement, and 
support, today and tomorrow. 


Examine the strategic 
considerations that drive 
your management's 
decisions! 


Discover the SOLUTIONS you need to 
SECURE AND MANAGE your technologies. 


Unify messaging and 
communications 

Automate and provision 
administration 

Manage configuration 

Support collaboration and 
search 

Lock down administrative 
credentials 


Secure your enterprise 
network and applications 

Virtualize servers, desktops, 
and applications 

Make effective use of 
storage options 

And much more! 


Explore challenges 
that face your team 
every day! 


OCTOBER 6-8, 2008 

San Francisco Marriott 
San Francisco, CA 


PROBLEMS 

SOLVED 


Two days of intensive 
technical sessions 
solving the most 
problematic issues that 
confront IT professionals 
in today's complex 
enterprise environment. 


Rounded out with group 
discussions that bring 
together your team, 
your peers, experts, and 
special guests. 


A three-day event 
that educates IT 
professionals and 
IT management and 
brings them together 
to plan strategy. 









CONFERENCE INFORMATION 


CIO • CTO • DIRECTOR • ARCHITECT • ANALYST • CONSULTANT • VISIONARY

STRATEGIES 

DEFINED 

FOR IT LEADERSHIP 

» IT Connections is loaded with in-depth, invaluable strategic sessions


■ Microsoft IT Compliance: Policy, HBI, SOX, and PCI 

■ Multi-Site Clustering with Windows Server 2008 
Enterprise 

■ Understanding the Microsoft Server Virtualization 
Portfolio, Including Hyper-V 

■ Advanced Security & Administration Part I: 

Role-Based Management 

■ Application Virtualization 

■ Automating Server Management: What Works, What 
Doesn't, What's Coming 

■ Collaboration Reimagined: Office Applications 
as SharePoint Clients 

■ Configuration Management for the Windows Enterprise 

■ Consumerization of IT 

■ Desktop and Server Virtualization: Solutions & ROI 

■ Dynamic IT and Security (Part 1 of 5): Overview 

■ Dynamic IT and Security (Part 2 of 5): Desktop, 
Device, and Server Management 


■ Dynamic IT and Security (Part 3 of 5): Network 
and Edge Protection 

■ Dynamic IT and Security (Part 4 of 5): Identity 
and Access 

■ Dynamic IT and Security (Part 5 of 5): Data 
Protection 

■ Everything You Need to Know About Storage 
Technologies but Were Afraid to Ask 

■ SharePoint Governance 

■ Hyper-V and ESX Comparison 

■ Management 2.0 

■ Cloud Computing 

■ Understanding SharePoint Search 

■ Outsourcing Services and Applications: SAAS 
and Hosted Applications 

■ System Center Essentials: Why You Need It 

■ Understanding the Business & Technical Value of 
Terminal Services in Windows Server 2008 


IN-DEPTH ANALYSIS AND DISCUSSION 
PANELS and Q&A sessions 


Only IT Connections offers valuable discussions with your team, your peers, analysts, experts and special 
guests. On Wednesday morning, unify your vision and direction around key technologies and trends. 
Panels and Q&A sessions already scheduled include: 


Automating the Modern Windows Enterprise

Consumerization of IT

Desktop and Application Virtualization

Exploring Out-of-the-Box Solutions with SharePoint 2007 that Bring
Immediate Value to Your Organization

Identity Without Borders: Bringing the Identity Metasystem to the
Enterprise

Management 2.0

Refining Active Directory Design & Active Directory Administration

Server Virtualization

The Business Case for Windows Server 2008

Windows Security Implementation, Auditing, and Compliance:
Process, tools, and procedures to meet compliancy regulations

Windows Server 2008 and Windows Vista: If Not Now, When?


FOR IT PROFESSIONALS

PROBLEMS 

SOLVED 

» Many sessions address both leadership and IT pros, so take advantage of the expertise
and perspective of sessions in any track!


Business Automation for Windows 

Automated Reporting for Enterprise-Wide 
Configuration Data 

Automating and Controlling Active Directory 
Management 

Automating Group Policy Management Using 
PowerShell 

Automating Server Management: What Works, 

What Doesn't, What's Coming 

Automating the Modern Windows Enterprise 

Windows Automation Boot Camp 

Windows PowerShell: A First Step on the Path to 

Automation 

Configuration Management 

Advanced Group Policy Features in Windows Vista 
and 2008 

Advanced Group Policy Settings in Windows Vista 
and 2008 

Automated Reporting for Enterprise-Wide 
Configuration Data 

Automating and Controlling Active Directory 
Management 

Automating Group Policy Management using 
PowerShell 

Configuration Management for the Windows 
Enterprise 

Dynamic IT and Security (Part 2 of 5): Desktop, 
Device, and Server Management 
Step-by-Step: Creating a Secure Desktop with 
Group Policy 

System Center Essentials: Why You Need It 

Enterprise Security 

Microsoft IT Compliance: Policy, HBI, SOX, and PCI 
Network Access Protection Overview 
Advanced Security & Administration Part I: 
Role-Based Management 
Advanced Security & Administration Part II: 
Administrative Delegation, Lockdown, and 
Provisioning 

Auditing Windows Server and Active Directory LIVE! 
Dynamic IT and Security (Part 1 of 5): Overview 
Dynamic IT and Security (Part 3 of 5): Network 
and Edge Protection 

Dynamic IT and Security (Part 4 of 5): Identity 
and Access 


Identity without Borders: Bringing the Identity 
Metasystem to the Enterprise 
Reimagining the Security and Mobility of Shared 
& User Business Data 

Security Auditing of Active Directory and Servers: 
Being Prepared at all Times for the Audit 
Security for SharePoint in an Insecure World 
Simplifying the Management of Your Network 
Security 

Step-by-Step: Creating a Secure Desktop with 
Group Policy 

The Reality of Running End Users as Standard 
Users (LUA and UAC) 

Windows Security Implementation, Auditing, and 
Compliance 

Implementing SharePoint 

21st Century File Sharing: Configuring and 
Managing SharePoint Document Libraries 
SharePoint Planning, Deployment and 
Administration 

Backup and Restore for SharePoint 
Collaboration Reimagined: Office Applications as 
SharePoint Clients 

Out of the Box SharePoint Solutions that Bring 

Immediate Value 

SharePoint Governance 

Understanding Everything SharePoint Search 

Out-of-the-Box 

Security for SharePoint in an Insecure World 
Thinking Outside the Mailbox: SharePoint as a 
Replacement for Ad Hoc E-mail Collaboration 

Unified Communications 

How to Get the Most From Office Communications 
Server 2007 

How to Plan and Carry Out Your Exchange 2007 
Migration 

How to Secure Mobile Devices with Exchange 2007 
and System Center Mobile Device Manager 2007 
Presence Everywhere: Why Presence and IM Are a 
Great Investment 


Virtualization: Server, Desktop and 
Application 

Configuring Windows Server 2008 Hyper-V for 
High Availability 

Deploying Windows Server 2008 Hyper-V and 

Microsoft System Center Virtual Machine Manager 

Understanding the Microsoft Server 

Virtualization Portfolio, Including Hyper-V 

Application Virtualization 

Desktop and Server Virtualization: Solutions & ROI 

Hyper-V and ESX Comparison 

Implementing Disaster Recovery in Virtualization 

Environments 

Introduction to Microsoft's Hyper-V Virtualization 
Solution 

Server Virtualization Chalk Talk 
Understanding the Business & Technical Value of 
Terminal Services in Windows Server 2008 

Windows Server, Client and 
Enterprise Platforms 

Easing Management and Securing Remote Offices 
with Windows Server 2008 
Multi-Site Clustering with Windows Server 2008 
Enterprise 

Securing and Tuning Microsoft Internet 
Information Services 7.0 
Server Core Configuration 
Automated Reporting for Enterprise-Wide 
Configuration Data 

Automating and Controlling Active Directory 
Management 

The Business Case for Windows Server 2008 

Identity without Borders: Bringing the Identity 

Metasystem to the Enterprise 

Refining Active Directory Design and Active 

Directory Administration 

Step-by-Step: Creating a Secure Desktop with 

Group Policy 

The MDT and Beyond: Deployment Frameworks 
for Real-World Success 

The Reality of Running End Users as Standard 
Users (LUA and UAC) 

Windows Server 2008 and Windows Vista: If Not 
Now, When? 
IT CONNECTIONS DELIVERS: Seize the opportunity to keep your company's competitive edge!


CIO • CTO • DIRECTOR • ARCHITECT • ANALYST • CONSULTANT • VISIONARY 


WHAT 


S 


Sing from the same songbook and be an IT IDOL 



IT Connections enables your team to come together around key 
trends and technologies that impact the enterprise. What better 


SCHEDULE AT A GLANCE

SUNDAY, OCTOBER 5, 2008

9:00am - 4:00pm Pre-Conference Workshops

TUESDAY, OCTOBER 7, 2008

8:30am - 1:00pm Conference Sessions

1:00pm - 6:00pm Lunch/Expo Hall

5:45pm Cruise Raffle (Must be present to win!)

2:30pm - 5:30pm Conference Sessions

WEDNESDAY, OCTOBER 8, 2008

8:00am - 12:15pm Panels and Q&A Sessions

12:15pm Regular Conference Ends

1:30pm - 5:00pm Post Conference Workshop


One-on-one with the experts at the IT Experts Cabana

Where else can you get your questions answered by the
biggest names in the industry? Meet face-to-face with our
experts and special guests in an informal setting at the
IT Experts Cabana in the Expo Hall.

Visit our Expo Hall and enter the raffle to win a cruise for two.
Winner selected Tuesday at 5:45 PM in the Expo Hall.


■ IT Connections brings together both IT professionals
and their leadership (management and executives) in a
one-of-a-kind event. The three-day conference delivers
premium, in-depth content designed to enhance the
knowledge, productivity, and collaboration of the strategic
decision makers and those tasked with implementing
IT strategy and objectives on a day-to-day basis.

■ IT Connections allows you to bring the team! IT
leadership and management can unravel the
hype surrounding the disruptive technologies
and trends that face the IT organization and
evaluate the products and solutions that
enable a dynamic enterprise. IT pros can learn
what it takes to deliver those solutions.

■ Unique group discussions will help the leadership
of IT organizations better understand the technical
issues and concerns of their staff, and will
give the leadership a chance to get closer to the
technology. IT pros will be given the opportunity
to gain a more strategic perspective on their jobs
and the role of technologies they support.

■ Building on the combined strengths of
Microsoft, Windows IT Pro magazine, TechNet
Magazine, and the popular series of Connections
events, IT Pro Connections brings to you a
stellar array of product insiders, experienced
consultants, analysts and visionaries.

■ IT Connections will be distinguished by the
valuable blend of Microsoft and independent
expertise. Attendees will benefit from guidance
directly from the source, and from the experience
of the nation's top, independent consultants,
trainers, and authors.

■ You'll benefit from the combined expertise and
perspectives of your team, your peers, and
many of the industry's most respected experts,
all at once.

■ This unique blend of perspectives will enable
organizations to chart a realistic technology
roadmap, to define and refine designs, and to
improve the security, manageability, and performance
of technology frameworks in the
enterprise.


WHAT'S THE 
SCOOP? 


■ IT Connections provides a value-laden forum to
connect with peers from other enterprises, to
meet best-of-class vendors, and to get questions
answered during one-on-one time with
Connections experts. Don't miss this one-of-a-kind
opportunity for IT leadership and IT professionals
to get away from the office, to learn,
to discuss, to challenge, to chart, and to solve.


If you cannot make it to San Francisco, you may be interested in .... 


NOVEMBER 10-13, 2008 • LAS VEGAS, NV 


GET CONNECTED TO: Expert Speakers • Exceptional Content • Exciting Location


KEYNOTE SPEAKERS 



STEVE RILEY
Senior security strategist in Microsoft's Trustworthy Computing Group
MICROSOFT

MARK MINASI
Best-selling author, popular technology columnist, commentator
MR&D

THOMAS RIZZO
Director in the SharePoint group
MICROSOFT

SCOTT GUTHRIE
Corporate Vice President, .NET Developer Division
MICROSOFT


MANDALAY BAY 
RESORT & CASINO 

WITH OVER 5,000 ATTENDEES, 
LAST FALL SOLD OUT! 


MICROSOFT EXCHANGE Connections 2008

UNIFIED COMMUNICATIONS Connections 2008

WINDOWS Connections 2008

SharePoint Connections 2008


REGISTER TODAY! 

WinConnections.com ■ 800-438-6720 ■ 203-268-3204 

The cost of a workshop is in addition to the regular conference fee.


PRE-CONFERENCE WORKSHOPS 


OCTOBER 5, 2008 

PRE-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

WINDOWS AUTOMATION BOOT CAMP 
DON JONES 

Automation by any means necessary! In this fast-paced full-day workshop,
automation expert Don Jones will explore common business and technical
scenarios that are ripe for automation, and introduce you to tools and
technologies that can enable that automation today. You'll get a complete crash course
in Windows PowerShell, including the new shell's simplified, 14-keyword "scripting
language" and how it can be used to automate business processes and
administrative tasks. Moving beyond PowerShell, you'll discover freely-available
and commercial third-party tools that can automate some of the most
common and critical administrative tasks, including Active Directory management,
permissions provisioning and management, service management, and
much more. When commercial tools turn out to be the right answer (vs. free or
roll-your-own), Don provides a shopping list of key capabilities for your use in
evaluating products and provides a punch list of the most common products
to give you a head start. Finally, you'll learn how to "glue together" standalone
tools and utilities to automate entire business processes, not tasks, using
"wrapper" technologies such as VBScript, Windows PowerShell, and more. This
is not a hands-on session; you will not need a laptop unless you wish to take
notes. Power for laptops will not be provided.

■ Learn how to use Windows PowerShell and its scripting language to 
automate common tasks 

■ Learn to evaluate commercial automation tools without overlooking 
key capabilities 

■ Learn about freely-available tools that can automate some of the most 
onerous administrative tasks, without scripting 

■ Receive templates to help "glue together" disparate utilities to create 
complete automation for complex business processes 


PRE-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

AUDITING WINDOWS SERVER AND ACTIVE DIRECTORY LIVE! 
DEREK MELBER 

Securing and auditing Windows networks is not the easiest thing in the world. 
When you are up against the gun to secure Active Directory or audit the entire 
domain, there are plenty of controls to consider. Microsoft does not put many 
tools in the product to perform an audit, but they do to configure security of 
nearly every aspect of the network. In this full day workshop, you will be 
exposed to nearly every aspect of security and auditing Windows Active 
Directory, Group Policy, domain controllers, servers, and even desktops. We will 
not leave any stone uncovered when we dive into securing resources, user 
rights, audit policies, authentication, anonymous connections, user accounts, 
passwords, and more. You will know exactly how to secure and audit every 
aspect of your Windows Active Directory environment. Author and consultant 
Derek Melber will show you how to efficiently develop and implement an audit 
program that will save time and money. He has trained thousands of security 
and audit professionals all over the world on Windows security. As the author of 
the only book Microsoft has written on Group Policy, he brings an exciting and 
innovative approach to securing and auditing your Active Directory domain. 

■ Learn to audit all aspects of a Windows Active Directory domain 

■ Learn how to secure domain controllers 

■ Learn how to configure users and groups properly and securely 

■ Learn how to use Group Policy to enforce and ensure security 
configurations 

■ Learn how to use built-in tools, free tools, and other software to gather 
and analyze security information 

PRE-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

BEYOND MESSAGING: THE FEATURES AND FUNCTIONALITY OF 
MICROSOFT EXCHANGE SERVER 2007 SP1. 

TBD 

Microsoft Exchange is a reliable and efficient messaging system that can be 
used in organizations both large and small. But Exchange also provides a 
level of service beyond other messaging systems that allows organizations to 
work more efficiently. Come spend a day learning why Exchange Server is 
one of the most popular and powerful messaging systems available today in this



HOTEL ACCOMMODATIONS 

The San Francisco Marriott, 55 Fourth Street, San Francisco, 
California 94103, is the conference site and host hotel. SPACE IS 
LIMITED so reserve your room early by registering online or by 
calling the conference hotline at 800-438-6720 or 203-268-3204. 

See the Web site for information on airline, 
car rental, tax deduction, and group discount. 
www.ITProConnections.com 



GROUP DISCOUNT 

Register individuals from one company at the same time 
and receive a group discount. 


1st registrant: Full Registration Fee
2nd-3rd registrants: $1,395 per person
4th-5th registrants: $1,195 per person
Additional registrants after the 5th (6 or more): $1,095 per person


Call 800-438-6720 to take advantage of group discount pricing. 































PRE & POST-CONFERENCE WORKSHOPS 



Exchange Server 2007 SP1 workshop that includes hands-on-labs. Topics covered
will include:

Exchange Concepts and Definitions • Administration Functionality in
the Exchange Management Console • Administration Functionality in the
Exchange Management Shell • Unified Messaging Functionality • Client
Functionality • Messaging Policy and Compliance Features • Anti-Spam
and Antivirus Functionality • Transport and Routing Functionality •
Performance and Scalability Functionality • High Availability and
Clustering Functionality • Exchange Database Functionality • Information
Worker Functionality • Deployment Functionality • Development Functionality

NOTE: The laptop you bring MUST have at least 2 gig of memory (4 GB
recommended), 20 GB free disk space, an optical drive capable of reading a
dual-layer DVD, a headset with microphone are optional but recommended.


POST-CONFERENCE WORKSHOPS 


OCTOBER 8, 2008 

POST-CONFERENCE 1/2-DAY WORKSHOP • 1:30PM-5PM 

REIMAGINING THE SECURITY AND MOBILITY OF SHARED 
& USER BUSINESS DATA 
DAN HOLME 

Join Dan Holme for an extreme makeover of your shared and business data
management. In this half-day preconference workshop, you'll discover shocking
security vulnerabilities that are created by default settings and outdated
designs of Windows file servers. And you'll take away valuable guidance, scripts,
and tools that will revolutionize your management of shared and business data.
The workshop is divided into two parts. In the first, you'll dive deep into the
file services role as it supports shared data folders. Features such as file
screens, quotas, DFS Namespaces, access-based enumeration, and the powerful
new Owner Rights identity are important pieces of the data security and
management puzzle. But to implement the perfect file server, you need more.
You need the ability to answer the questions, "Who has access to this file?"
and "What can John Doe get to?" Get the free tools and scripts you need for
a more manageable file server. You'll learn about:

Changes to the capabilities and functionality of security user
interfaces and NTFS permissions • The new Owner Rights identity •
Access-based enumeration (ABE) • Symbolic links • Provisioning secured shared
folders • Abstracting the storage and presentation of data folders for
manageability and security • File Screens • Quotas • DFS Namespaces •
Custom scripts and tools to analyze and report file and folder access

In the second half of the workshop, you'll tackle the management of user
data and settings including documents, favorites, media, and application
data. Windows server and client operating systems offer important functionality
to ensure that data is available and secure. But until you start managing
the intricacies of the technologies, your organization's data is difficult to
access or take offline, challenging to protect, and intellectual property is
exposed. In a worst-case scenario, critical user data is stored only on users'
machines and is exposed to complete loss. Or, misguided corporate mandates
lead too quickly to full-disk encryption. You will learn best practices for putting
the pieces together:

Folder redirection • User profiles • Offline files • Encryption • Group
Policy • ACLs • Shares • DFS namespaces

Participants in this workshop are expected to have an understanding of many
to most of these technologies or be ready to learn them offline. This
advanced, highly practical workshop prepares you to take away ready-to-implement,
useful solutions to corralling, securing, and managing corporate
data. Don't miss the opportunity to experience ConsulTraining®, Dan Holme's
trademarked blend of consulting and training.


OCTOBER 9, 2008 

POST-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

THE MDT AND BEYOND: DEPLOYMENT FRAMEWORKS FOR 
REAL-WORLD SUCCESS 
DAN HOLME 

Join deployment guru Dan Holme for a deep dive into the revolutionary new
tools and technologies used to deploy Windows Vista, XP, and applications.
Learn how to implement the Microsoft Deployment Toolkit (formerly known as
the BDD) and real-world best practices for the design, deployment, and maintenance
of Windows clients. Go way beyond what Microsoft tells you so that
you can effectively support clients with applications, configuration, security
patches, and service pack rollouts into the future. You will take away a
deployment and systems management methodology that works and a solid
understanding of its functionality so that you can further refine the methodology
to apply to your enterprise. You'll learn how WinPE, WDS, and Microsoft
Deployment work. You'll also get a one-of-a-kind set of tools and scripts to
help you manage systems more effectively with or without SMS/SCCM. This is
the best deployment training in the world, and it's only at IT Connections.
Master the deployment of Windows Vista, XP, and Server 2008 with the best
deployment workshop in the world.

POST-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

SHAREPOINT GOVERNANCE 

SHANE YOUNG 

One of the biggest mistakes companies make when deploying a SharePoint 
project is failing to adequately plan the project. The mistake happens 
because SharePoint is easy to install and very easy to add new content to. 
However, finding that content later and controlling that content is much 
harder if you wait until after the portal or site is already up and running. In 
this one day post-conference workshop, we will discuss building the business 
value of Microsoft Office SharePoint Server and identifying who owns the 
project, the roles, and the goals of the project. We will cover setting expectations
and properly estimating the project and finally we will cover governing
your SharePoint implementation to ensure that when you roll out SharePoint 
designer, all of the hard work put into planning stays intact. 

POST-CONFERENCE FULL-DAY WORKSHOP • 9AM-4PM 

WALK IN THE PARK: OFFICE COMMUNICATIONS SERVER HANDS 
ON LABS 

(Bring Your Own Laptop) 

THOMAS FOREMAN 

Come take a six-hour guided tour of Office Communications Server (OCS)
2007 and see for yourself the latest Microsoft Unified Communications product.
Much, much more than Instant Messaging, Office Communications Server
provides text, web conferencing, and Voice over IP solutions that allow you to
change the way your organization communicates. We'll install and configure
OCS 2007, demonstrate Office Communicator 2007 and Live Meeting 2007,
configure and integrate OCS 2007 with Exchange Server 2007 Unified
Messaging, and configure and use Communicator Web Access. In this
information-packed day, you'll use your laptop to walk through several hands-on labs
developed by Wadeware® with OCS expert MVP Thomas Foreman.

NOTE: The laptop you bring MUST have at least 2 gig of memory (4 GB
recommended), 20 GB free disk space, an optical drive capable of reading a
dual-layer DVD, and a headset with microphone.
CONFERENCE SESSIONS



21ST CENTURY FILE SHARING: 
CONFIGURING & MANAGING SHAREPOINT 
DOCUMENT LIBRARIES 
DAN HOLME 

Many organizations are replacing traditional file
shares with SharePoint document libraries, which
provide advanced collaborative features. The creation
of a document library is simple enough; what
comes after that, though, is more nuanced. Join
SharePoint MVP Dan Holme for an in-depth examination
of document library functionality and configuration.
Learn what it takes to make the most of
document libraries for 21st century collaboration.
This session goes beyond the basics to uncover
solutions including:

■ The management of end-user shortcuts
to frequently used libraries

■ Publishing custom templates for new
documents in a library

■ Configuring and managing document
metadata (columns)

■ Exposing and inserting SharePoint metadata
within Office documents

■ Delegating the Override Check Out
permission.

■ Views versus folders. Tips for effective
e-mail alerts.

ADVANCED GROUP POLICY FEATURES IN 
WINDOWS VISTA AND 2008 
DEREK MELBER 

Microsoft has put more time and effort into Group 
Policy. Now with Vista released, there are over 2400 
policy settings. There are new radical changes that 
come along with Vista and Windows Server 2008, too. 
There are no more ADM templates, they are 
replaced with ADMX files. There is now a repository 
for all ADMX files, which makes administration and 
management of these files easier. Other changes 
include multiple local GPOs, search capabilities, 
commenting, etc. This session will show you all of 
the changes so you can hit the ground running with 
the new Group Policy environment. You will walk 
away from this session with a full, in-depth understanding
of how Group Policy has changed and why
the changes are so important to your environment. 
You will be able to immediately implement Windows 
Vista and 2008 Group Policy knowing that you have 
the knowledge to handle the new technology. 

ADVANCED GROUP POLICY SETTINGS IN 
WINDOWS VISTA AND 2008 
DEREK MELBER 

If you haven't seen the new settings in Vista, you
are missing out. With new settings for Network
Access Protection, power options, device controls,
and security settings, Vista is on track to revolutionize
how you control desktops. Not only has Vista
come with new Group Policy settings, Windows
Server 2008 gets an amazing facelift with thousands
of new settings with the inclusion of the
PolicyMaker technology. Here, you will get 22 new
client-side extensions and settings like drive mappings,
printer mappings, Registry modifications,
and more.

You will understand the new settings that Microsoft 
put into Windows Server 2008 and Vista. You will 
understand Group Policy Preferences, item-level 
targeting, and how to not tattoo settings anymore! 

ADVANCED SECURITY AND ADMINISTRATION
PART I: ROLE-BASED MANAGEMENT
DAN HOLME

Get out of the business of managing individual
changes in your environment and unleash the power
of role-based management. If you've ever asked, or
been asked, "What can [name of user] do?" or "Who
is able to get to [name of resource or application]?",
this session is for you! Learn how to implement
role-based management in which users are defined by
their business roles and where resource access and
configuration are instantly, accurately, and
auditably applied. Empower your enterprise to
enable a documented, auditable structure for
resource security, asset management, and more.
Take away methodologies, scripts, tools, and guidance
that are proven successful in the real world.

ADVANCED SECURITY AND ADMINISTRATION
PART II: ADMINISTRATIVE DELEGATION,
LOCKDOWN, AND PROVISIONING
DAN HOLME

Active Directory and administrative delegation is an
art and a science, requiring a thoughtful combination
of tight design, comprehensive process, and
deep understanding of underlying technologies. In
this session, Dan Holme will share his insights from
real-world, large enterprise implementations of
administrative delegation. You'll learn to configure
highly secure, agile, and responsive frameworks that
support the needs of administrators, from the CIO to
the front-line help desk. You will discover the
(surprisingly complex) steps required to enable
administrators at various levels to reset a password, unlock
an account, manage user accounts but not
administrative accounts, move users or computers, and
more. You'll take away simple script-based tricks and
tools for ensuring standardized and efficient delegation.
And, most importantly, you'll understand the
role and value of provisioning and proxying to
incorporate business logic, workflow, tighter control and
customized logging into administrative tasks.

You'll learn how to: 

■ Script Active Directory delegation 

■ Design a best practice OU model that 
supports your administrative model 

■ Apply role-based management tenets to 
create a flexible and auditable delegation 

■ Lock down the local Administrators group 
on clients and servers 

■ Leverage provisioning and proxying to 
create a secure, auditable, consistent 
administrative workflow 
And you'll learn why you should disable the local
Administrator account on every desktop and laptop. 

APPLICATION VIRTUALIZATION 

ALAN SUGANO 

End patch management hell. Application virtualization
allows you to run applications without having to
install the application on each workstation. This
simplifies patch management and significantly reduces
the time to roll out new or upgraded applications,
because patches are installed once on the application
server and not individually on each workstation.
We'll take a look at Microsoft's Softricity technology
and how it handles local, remote, and disconnected
clients and their applications. This technology also
leads to the software as a service directive that
many companies see as an industry trend.
Application virtualization also ties into disaster
recovery because it significantly reduces the prep
time for workstation recovery. Application virtualization
can reduce patch management headaches,
reduce the time to roll out new applications, make it
easy to roll back problematic patches, allow users to
run different versions of the same application, and
speed up disaster recovery. See if this technology is
a good fit for your company.

AUTOMATED REPORTING FOR ENTERPRISE-WIDE
CONFIGURATION DATA

DON JONES 

Getting your hands on key configuration data from 
across your enterprise can be a tricky task, but the 
technologies exist to make it possible. Using 
Windows PowerShell and Windows Management 
Instrumentation, automation expert Don Jones 
shows you how to grab available information from 
remote machines and quickly create basic management
reports that arrange data in just the way you
need. You'll learn... 

■ The basics of Windows Management 
Instrumentation (WMI) 

■ How to discover and research additional 
WMI-based capabilities on your own 

■ How to use PowerShell as a fast, lightweight 
tool for querying and manipulating WMI 

■ How to use free third-party tools to explore 
WMI and locate the data you need 

AUTOMATING AND CONTROLLING ACTIVE 
DIRECTORY MANAGEMENT 

DON JONES 

Active Directory sits at the center of the enterprise, 
controlling authentication and playing a key role in 
authorization and auditing. Yet many organizations 
still rely heavily on ad-hoc, manual administration 
of this key resource. Learn how to automate Active 
Directory administration and make AD administration
a working, enforceable part of your management
processes. Automation guru Don Jones shares
a number of tools and techniques, including
Windows PowerShell, freely-available snap-ins, templates
for incorporating change control techniques,
free third-party tools to extend Windows' native
management tools and enable automation, and 
much more. You'll learn... 

■ How to automate AD provisioning using 
Windows PowerShell 

■ How to enforce business processes requiring
change control for AD objects

■ What freely-available resources are available 
to make automation easier to learn 

■ How to properly build a robust and secure 
automated provisioning system in your 
environment 

AUTOMATING SERVER MANAGEMENT:
WHAT WORKS, WHAT DOESN'T,
WHAT'S COMING
DON JONES

Microsoft has loaded us up with a number of 
automation technologies over the years, including 
KiXtart, VBScript, and now Windows PowerShell. 
Third parties have jumped into the mix too, offering 
tools for scripting, tools that require no scripting,
and more. All businesses care about is getting the
job done as quickly, safely, and consistently as
possible, so what's the best approach? Experts familiar
with every possible form of Windows administrative
automation guide you through the options, outline
pros and cons, and help present a realistic, actionable
roadmap for automation from a technological
and business viewpoint. You'll learn... 

■ What options are available for automation 
and how they map to real business needs 

■ What technologies are dead-ends from a 
business perspective, and how to start 
moving away from them 

■ What critical business tasks can be 
automated today, which ones can't, and 
what's coming down the line 

■ How to finally build and document a 
sensible, sustainable business plan for 
administrative automation in your 
environment 

BACKUP AND RESTORE FOR SHAREPOINT: 
PROTECTING MISSION CRITICAL 
SHAREPOINT DATA WITH NEW TOOLS 
AND TECHNOLOGIES 
MICHAEL NOEL 

As more and more organizations use SharePoint to 
store documents and other critical data, it becomes 
imperative to provide for backup and restore specific 
for SharePoint. While some integrated tools exist to 
provide for disaster recovery, document level restore 
capabilities are often needed in a SharePoint environment.
This session covers some of those technologies,
and focuses specifically on how the new Microsoft
System Center Data Protection Manager (DPM) 2007
product can be used to provide for SharePoint-specific
backup and item-level restore. In addition, specifics
on how to integrate DPM with a Microsoft Office
SharePoint Server 2007 or Windows SharePoint
Services farm are provided and best practice architectural
examples for DPM, snapshot guidelines, and
deployment tips and tricks from the field are covered.

■ Take a look at the built-in backup processes 
and tools in SharePoint and what should be 
backed up. 

■ Examine the item-level recovery capabilities 
for SharePoint included in System Center Data 
Protection Manager 

■ Learn best practice tips and tricks for deployment
of DPM in a SharePoint environment

■ Understand SharePoint disaster recovery 
options and architectural considerations 
when using DPM 

COLLABORATION REIMAGINED: OFFICE 
APPLICATIONS AS SHAREPOINT CLIENTS 
DAN HOLME 

While SharePoint offers great functionality through 
its out-of-the-box Web interface, you really "kick it 
up a notch" when you add Microsoft Office applications
to the mix. This session, appropriate for IT
professionals, end users, and managers, will highlight
some of the exciting ways you can integrate
Office apps and SharePoint, including document 
libraries, Excel and Access integration, slide 
libraries, and Outlook. You'll learn how to: 

■ Configure SharePoint for client integration, 
even with forms-based authentication 

■ Use SharePoint contact, task, and calendar 
lists as team databases to replace Exchange 
public folders 

■ Compare Word document versions stored in 
a library 

■ Create custom presentations from a 
corporate repository of standard 
PowerPoint slides 

■ Wean users off e-mail "CC:" communications 
with Outlook-integrated discussion forums 

■ Work offline with SharePoint documents 

■ Make the most of Office 2003 and 
Office 2007 

CONFIGURATION MANAGEMENT FOR THE 
WINDOWS ENTERPRISE 
DARREN MAR-ELIA 

In this session, we'll look at some of the current and 
upcoming technology trends for managing Windows 
system configuration, including System Center 
Configuration Manager and its new Desired 
Configuration Management (DCM) feature, how Group 
Policy has evolved to become a full-featured configuration
management system, the new Service Modeling
Language (SML) specification and its future in configuration
management and the use of CMDB technology
in Windows infrastructures going forward. 

CONFIGURING WINDOWS SERVER 2008 
HYPER-V FOR HIGH AVAILABILITY 

MICROSOFT 

Running virtualized operating systems introduces a
dependency on the underlying virtualization
infrastructure. If the virtualization host is a standalone
machine, it actually becomes a single point of failure
for all guest systems running on top of it. So, let's
get this thing clustered! But how do we do that, and
do so in a way that allows every single guest system
to move around in that cluster independently from
all the others? Well, turning one single virtual
machine stored on a shared LUN into a Cluster
resource has become almost embarrassingly simple
with Hyper-V. But that's one; how about one
hundred or one thousand? We might want to avoid using
drive letters in that case—unless you want to limit
yourself to 22 virtual machines on a 16-node cluster.
How then do we store the guest systems' data and
configuration files? Actually there are multiple ways
to accomplish this, and we'll look into the
technical details and the advantages and
disadvantages of those and try them out live on stage.

DEPLOYING WINDOWS SERVER 2008 
HYPER-V AND MICROSOFT SYSTEM CENTER 
VIRTUAL MACHINE MANAGER 
MICROSOFT 

This session covers the basic process of deploying 
Hyper-V and VMM in a product environment and 
then highlights best practices. The session covers 
guidance for bare metal provisioning and fine grain 
control of Hyper-V. From a virtualization management
perspective, the session covers the management
architecture and top ten things to do as part
of the deployment process. 

DESKTOP AND SERVER VIRTUALIZATION: 
SOLUTIONS & ROI 

ALAN SUGANO 
GREG SHIELDS 

Join Alan Sugano and Greg Shields for a chalk talk 
that provides an independent, expert perspective on 
desktop and server virtualization. You'll get the 
opportunity to identify the solution categories available
on the market, get an independent take on their
strengths and weaknesses, and learn which business
scenarios can be solved by each approach to
virtualization. If you're not fully up to speed with what's
going on in virtualization—and how fast it's
developing—this discussion will kick your Connections
experience off to a great start! Topics will include:

■ Server virtualization products like Hyper-V, 
ESX, and Virtuozzo 

■ Desktop virtualization using server blades 
versus VDI 

■ Application virtualization solutions like 
VMware ThinApp and Microsoft App-V 

■ Presentation virtualization solutions like 
Microsoft Terminal Services and Citrix XenApp 

DYNAMIC IT AND SECURITY (PART 1 OF 5):
OVERVIEW
MICROSOFT

There is more pressure than ever on IT departments 
today. The bulk of IT budgets is spent just "treading 
water," rather than adding new business value. 
Microsoft is focused on helping customers flip that
equation through a more dynamic IT infrastructure.
Join this first session of our five-part series to learn
how security plays an important role in the
Microsoft Core Infrastructure Optimization model
and to see how you can apply this knowledge to better
secure your business's critical IT resources.

DYNAMIC IT AND SECURITY (PART 2 OF 5): 
DESKTOP, DEVICE, AND SERVER 
MANAGEMENT 
MICROSOFT 

Join us for this second installment of our five-part 
series on security to learn how the Microsoft desktop,
device, and server management solutions can
help you optimize and secure your business's critical
IT resources.

DYNAMIC IT AND SECURITY (PART 3 OF 5): 
NETWORK AND EDGE PROTECTION 

MICROSOFT 

Attend this third session of our five-part series on 
security to learn how the Microsoft network and 
edge protection solutions enable you to better 
secure your business's critical IT resources. 

DYNAMIC IT AND SECURITY (PART 4 OF 5):
IDENTITY AND ACCESS
MICROSOFT

Join this fourth installment of our five-part series 
on security to learn how the Microsoft identity and 
access solutions enable you to better secure your 
business's critical IT resources. 

DYNAMIC IT AND SECURITY (PART 5 OF 5): 
DATA PROTECTION 

MICROSOFT 

In this final installment of our five-part series on 
security, we discuss the Microsoft data protection 
solutions that enable you to better secure your 
business's critical IT resources. 

EASING MANAGEMENT AND SECURING 
REMOTE OFFICES WITH WINDOWS 
SERVER 2008 
MICROSOFT 

This session focuses on the technologies in
Windows Server 2008 to help ease management of
remote offices that require infrastructure but
typically don't have local administrators or facilities for
proper server storage while increasing security for
the organization. Technologies focused on and
demonstrated include Server Core running AD DS in
Read Only Domain Controller mode with BitLocker
encryption. Demonstrations include services
designed to remotely manage a Server Core
including WinRM; how to automate Server Core
deployment and what exactly a RODC means; and a
walkthrough of configuring which passwords are kept
locally on the server with a password hacking tool
execution showing most user accounts are not
stored, negating many of the problems of having
unsecured domain controllers in remote offices.

EVERYTHING YOU NEED TO KNOW ABOUT 
STORAGE TECHNOLOGIES BUT WERE 
AFRAID TO ASK 

ALAN SUGANO 

If your company is like most companies, you are 
probably running low on disk space as storage-hungry
applications eat up disk space like contestants
in a pie-eating contest. But what's the best solution
for your company? With the advent of newer drive
interface technologies like Serial Attached SCSI
(SAS) and Serial ATA (SATA), there is a lot more to
choose from when selecting a storage solution. This
session will cover the storage basics of locally
attached storage, network attached storage (NAS),
just a bunch of disks (JBODs), and storage area
networks (SANs), what they are, where they are typically
used, and how they fit into a comprehensive storage
strategy for your company. We'll also look at
the enhancements to Windows Storage Server 
(WSS) that are scheduled to be released with 
Windows Server 2008. 

HYPER-V AND ESX COMPARISON 

ALAN SUGANO 

Microsoft's own hypervisor, Hyper-V, was released
with Windows Server 2008. It is designed to compete
directly against VMware's ESX server. How do
the two products compare? We'll consider price,
performance, hardware requirements, high availability,
management, and other features in a
comparison shootout. If you're evaluating virtualization
platforms, make sure to attend this session to assist
in your decision making process. 

IMPLEMENTING DISASTER RECOVERY IN 
VIRTUALIZATION ENVIRONMENTS 
GREG SHIELDS 

Making the jump to virtualization within the business
datacenter is only the first step in optimizing
your environment. Virtualization and the management
toolsets that come with it immediately add
extra benefits that support cost-effective and
highly-available disaster recovery. No matter if you're a
large enterprise environment or even a small business,
these benefits can scale to your available
budget. Come to this session with virtual architect 
Greg Shields to learn how. Topics covered: Hyper-V, 
VMware ESX, 3rd Party Tools that Augment DR 

INTRODUCTION TO MICROSOFT'S HYPER-V 
VIRTUALIZATION SOLUTION 
GREG SHIELDS 

Virtualization isn't all about VMware. In fact, 
Microsoft's new Hyper-V virtualization platform 
has the features and functionality that might just 
give VMware a run for their money in certain
circumstances. If you haven't had the opportunity
to come to know Hyper-V, then this is the session
for you. We'll talk about the benefits and challenges
that Hyper-V brings to the table. You'll
understand where it positions within your datacenter
environment. And, you'll leave with critical
knowledge you need to properly implement it for 
the right workloads. Topics covered: Hyper-V, 
VMware ESX (in comparison) 

MICROSOFT IT COMPLIANCE: POLICY, HBI,
SOX, AND PCI
MICROSOFT

Disclosure of High Business Impact (HBI) information 
might cause severe material loss to Microsoft, the 
information asset owner, or relying parties. Attend 
this session to learn how Microsoft developed HBI 
policy that complies with SOX and the Payment Card 
Industry (PCI) standards. Learn how the PCI standards
are implemented, reviewed, and managed at
Microsoft and understand what technologies and 
processes are used to safeguard against disclosure 
of customer and consumer information. 

MULTI-SITE CLUSTERING WITH WINDOWS 
SERVER 2008 ENTERPRISE 
MICROSOFT 

As Windows Server operating systems become 
increasingly accepted in the large scale and high-end
mission-critical parts of organizations, the
requirements for disaster tolerance and business 
continuance become more and more important. The 
goal of this session is to cover the considerations 
on why and how you can build a complete High 
Availability solution with Windows Server 2008 
Failover Clustering to ensure that there is no single 
point of failure. 

NETWORK ACCESS PROTECTION OVERVIEW 
MICROSOFT 

Network Access Protection (NAP) is a policy enforcement
platform built into Windows Vista and Windows
Server 2008 that allows you to better protect your
private network by enforcing compliance with computer
health requirements. For example, a firewall
must be installed and enabled and the latest operating
system updates must be installed. With NAP, you
can create customized health requirement policies 
to validate computer health before allowing network 
access or communication, automatically update 
compliant computers to ensure ongoing compliance, 
and optionally confine noncompliant computers to a 
restricted network until they become compliant. 

OUTSOURCING SERVICES & APPLICATIONS: 
SAAS AND HOSTED APPLICATIONS 

ALAN SUGANO 

Hosted applications is a trend that has a lot of IT 
Pros worried or at least concerned. With even 
Microsoft getting into the Software as a Service 
(SaaS) model, will everyone end up working for the 
computing cloud in the sky? Are our jobs coming to
an end as we know it? This session will discuss the
advantages and disadvantages of SaaS. In some
respects, SaaS may be a blessing in disguise, allowing
IT Pros to focus on more strategic efforts that
can really make a difference in a company's success.
We'll examine how companies fit SaaS into
their corporate structure and how SaaS may or may
not fit into your company's strategic IT plans. Is
there really a cost savings with SaaS? We'll discuss 
tips on how to get the best results from SaaS and 
investigate other possible ways of using SaaS for 
disaster recovery, testing, and high availability. 

REPLACING YOUR PBX AND VOICEMAIL 
WITH UC 
SPEAKER TBD 

Should a small business go to a pure UC environment
and why? In this session we'll address the
pros and cons and review the steps required to
implement Exchange Server 2007 SP1 Unified
Messaging and Office Communications Server 2007
to have a Microsoft Unified Communications VOIP
environment at your small or medium sized business.
We will review a case study of an actual small
business (Wadeware) that has done just this, as well
as give a small demonstration of our UC deployment.
We will also go over some of the gotchas,
things to watch out for and give pointers to some 
resources for planning and troubleshooting your UC 
implementation. 

SECURING AND TUNING MICROSOFT 
INTERNET INFORMATION SERVICES 7.0 
SPEAKER TBD 

Internet Information Services (IIS) 7 was built on a 
solid foundation of security and performance with 
new innovative features like a highly modular design 
to provide fine-grained control of attack surface
area, support for Windows Server 2008 Server Core,
kernel mode SSL and authentication, built-in anonymous
access, application pool isolation and many
more features. Learn more about how these new IIS 
7 features help lock down your environment and 
keep it running at maximum performance. 

SECURITY AUDITING OF ACTIVE 
DIRECTORY AND SERVERS: BEING 
PREPARED AT ALL TIMES FOR THE AUDIT 
(EXTERNAL AND INTERNAL) 

DEREK MELBER 

Active Directory is complex, and when you throw in
Group Policy, it can be a bit overwhelming. In this
session we will talk about how to keep on top of the
security in your environment, so no matter when
the audit comes, you are prepared. We will discuss
Group Policy, security templates, security settings,
the Security Configuration Wizard, security
configuration and analysis, and more. After attending this
session, you will need to get back to the office and
update that audit program and immediately
implement the solutions that I show you. You will be able
to update or generate your Windows audit program.
You will dive deep into the Windows, Active
Directory, and Group Policy infrastructure to
understand how and what should be audited.

SECURITY FOR SHAREPOINT IN AN 
INSECURE WORLD: EXAMINING METHODS 
AND TECHNOLOGIES TO MITIGATE THREATS 
TO SHAREPOINT 
MICHAEL NOEL 

The collaboration and document management
capabilities within SharePoint products and
technologies are robust and can greatly improve
functionality. The nature of the modern workplace in
many cases requires anytime connectivity to the
SharePoint platform, not only from within the
confines of a traditional office, but also on the road or
in the home office. Many organizations are
subsequently finding it extremely valuable to expose
their SharePoint environment to the Internet, but
are being faced with a myriad of security
challenges to keep their vital organizational
information from being hacked and exposed. This session
outlines the risks of exposing SharePoint to the
Internet and explains which technologies have
been proven to mitigate those risks. From secured
Web publishing using Microsoft's Internet Security
and Acceleration (ISA) Server or the Internet Access
Gateway (IAG) product line, to rights management
protection, to antivirus with Forefront Security for
SharePoint, this session covers a range of security
concerns and how they can be addressed.

■ Learn the security threats faced by an 
externally facing SharePoint environment 
and what tools exist to mitigate those risks. 

■ Understand SharePoint securing 
technologies such as ISA 2006, IAG 2007,
AD Rights Management Services, Forefront
Security for SharePoint, and integrated 
SharePoint security tools. 

■ Take a look at some design principles that 
can be used to secure SharePoint, such as 
designs with farms in the DMZ of firewalls, 
content publishing, and forms-based 
authentication. 

SERVER CORE CONFIGURATION 
MICROSOFT 

Setting up a complex server configuration with all
the correct parameters can be a tricky enough
business with the full graphical user interface at hand.
Take away the GUI (or most of it, at least), and
things become ever so slightly more complicated. In
this session, we will look into the various aspects of
an initial server configuration for a Hyper-V cluster.
We will configure the network (so how exactly do
you remove the 'Client for Microsoft Networks'
binding from a NIC using the command line???), the
iSCSI initiator (ever tried to enumerate your source
port address using WMI?), set up the firewall to
allow for remote management, and, of course,
install various server roles and features. We will
discover that we aren't quite as lost and alone as we
perhaps thought we might be on the server core
desktop and that we can actually do a lot of stuff
remotely, turning that Server Core into the
proverbial 'Black Box' that it's indeed meant to be. And we
will eventually remember that automation is our
friend, and consequently set up that whole
configuration with Microsoft Deployment for easy and
convenient deployment.

SHAREPOINT PLANNING, DEPLOYMENT 
AND ADMINISTRATION (PART 1 OF 2) 

SHANE YOUNG 

In this first part we will look at the architecture that 
makes up your SharePoint farm. We'll start with a 
deep dive into the roles and services that make up 
a SharePoint farm. Then we'll make sure you avoid 
the most common install mistakes and finally analyze
the service and process accounts and what
they all really do. Don't be scared but somewhere in 
that chaos we will even explain how Kerberos 
relates to SharePoint. 

■ You will learn farm architecture and 
topologies. 

■ You will discover some of the major gotchas
to avoid when installing.

■ You will explore the different process 
accounts used with configuration and the 
pros and cons of few or many. 

■ You will get a real-world explanation of 
NTLM vs. Kerberos and why it is important 
to SharePoint. 

SHAREPOINT PLANNING, DEPLOYMENT,
AND ADMINISTRATION (PART 2 OF 2)
SHANE YOUNG

Now that we have the foundation out of the way, in 
this session we will take that information and build 
on it from role-based deployments, looking at
intranet, extranet, and Internet scenarios and some
of the design decisions that need to be made. Look for
some performance tips and some guidance on how
to keep your farm under control when you start talking
about letting developers come into the picture.
Finally, if there is enough time we will discuss the 
secret to good brownies. 

■ You will take the foundation from part 1 and 
look at how that translates to real scenarios. 

■ You will get guidance on recommended 
ways for controlling the introduction of 
custom code to SharePoint. 

■ You will learn performance tweaks and 
bottlenecks to avoid in your deployment. 

SIMPLIFYING THE MANAGEMENT OF YOUR
NETWORK SECURITY
MICROSOFT

More frequent and increasingly advanced threats in
today's security environment emphasize the need 
for simplifying the management of your network 
security. With this learning path, you'll discover how 
the Microsoft Forefront family of business security 
products can help you streamline your security 
strategy in a comprehensive, integrated manner.
For example, learn how to provide unified malware 
protection as well as control access to corporate 
information in a simplified way, and how to best fit 
Forefront into your organization's security strategy. 

STEP-BY-STEP: CREATING A SECURE 
DESKTOP WITH GROUP POLICY 
DARREN MAR-ELIA 

This session focuses on practical guidance for using 
the myriad of security features within Group Policy 
to create a secure desktop configuration. We will 
walk through how you can implement features such 
as Software Restriction Policy, Windows Firewall, 
IPSec, IE security and related technologies and provide
practical advice that you can implement in
your environment right away. 

SYSTEM CENTER ESSENTIALS: WHY YOU 
NEED IT 

GREG SHIELDS 

Microsoft changed the names again, but at the 
same time added a new systems management 
product designed just for the small and medium-sized
business. System Center Essentials is an
excellent tool for managing your servers and workstations,
easily pulling software and hardware
inventory, deploying software and patches, and
generally keeping your Microsoft equipment in line.
Come to this session to learn about why you need to
install this amazing new tool right now into your
network and get your arms around centralized systems
management. Topics covered: SCE, (potentially
SCCM, SCOM)

THE REALITY OF RUNNING END USERS AS 
STANDARD USERS (LUA AND UAC) 

DEREK MELBER 

Microsoft has provided us with UAC and the industry
wants to move to a standard user environment
(LUA). How real is this? Does UAC help or hurt? What 
other technologies are available to achieve this? 
This session will delve into the world of LUA and 
how to achieve it with Windows Vista and XP. 
Microsoft has done a lot with Group Policy 
Preferences and Application Virtualization to help 
us obtain this... are you ready? 

You will have an end-to-end solution for implementing
LUA. You will be able to walk away securing your
Windows desktops: securing them sufficiently and 
still allowing users to perform daily tasks. 

THINKING OUTSIDE THE MAILBOX: 
SHAREPOINT DOCUMENT MANAGEMENT 
AS A REPLACEMENT FOR AD HOC E-MAIL 
COLLABORATION 
MICHAEL NOEL 

E-mail has become the de facto document management
platform for many organizations in recent
years. E-mail's ubiquitous use combined with the
lack of document management and collaboration
tools in Microsoft Exchange Server has contributed
to this effect. Unfortunately, however, e-mail as a
collaboration and document management platform
has significant limitations such as lack of versioning
control, limited workflow options, limited
search and indexing capabilities, and massive storage
requirements. As a direct response to these
needs, Microsoft has spent the last 8 years putting
significant work into their premier document management
platform, Microsoft Office SharePoint
Server 2007. This session focuses on how to make
the jump from ad hoc unstructured e-mail collaboration
to formalized document management and
collaboration using SharePoint 2007. Best practices 
learned from the field in how SharePoint has been 
deployed at numerous organizations are covered 
in the session, and tips and tricks on how to get 
deep seated e-mail centric companies to adopt 
SharePoint are discussed. 

■ Learn how the document management 
capabilities in SharePoint 2007 can improve 
collaboration and make an organization 
more efficient. 

■ Examine best practices and tips and tricks 
from real-world SharePoint DM deployments, 
and how you can learn to avoid common 
deployment mistakes. 

■ Understand what features of SharePoint 
help an organization bring immediate value, 
and which features require more attention 
to them to produce desirable results. 

TROUBLESHOOTING GROUP POLICY 
DARREN MAR-ELIA 

In this session, you will learn the mechanics behind 
Group Policy processing as a background for understanding
how to quickly and effectively troubleshoot
Group Policy problems. We will also take a
practical look at a number of tools and techniques
for solving Group Policy problems, including identifying
infrastructure vs. client-side errors and taking
advantage of the logging that is available within the 
infrastructure for troubleshooting. 

UNDERSTANDING EVERYTHING 
SHAREPOINT SEARCH OUT OF THE BOX 

SHANE YOUNG 

Everyone knows that SharePoint Server Search is
really cool, but do you know why? In this session, we
will cover the power and how far you can really take
this great tool out of the box. We'll start with a little
of the technical details to make sure you understand
how search really works and then transition
to the included web parts and the things they can 
do with no code. 

■ You will learn the difference between search 
with WSS, MOSS, and Search Server. 

■ You will see firsthand how to customize the 
search web parts. 

■ You will look at Search reporting and how 
your enterprise can leverage it to get the 
best ROI on SharePoint.

UNDERSTANDING THE BUSINESS &
TECHNICAL VALUE OF TERMINAL SERVICES 
IN WINDOWS SERVER 2008 
GREG SHIELDS 

Windows Server 2008 is out, and arguably some of its
newest and most exciting features are the new capabilities
now available with Terminal Services. Tired of
deploying full desktops? How about TS RemoteApps?
Wish you had more security? TS Gateway gives you
IPsec-based transport-level authentication and
encryption. Tired of RDP files? Install your remote
applications to desktops just like a regular install, or
even deploy via a TS Web Access web site. In this session,
we'll take a look at what's shiny new and in
high-demand with Terminal Services, and how it can 
save time and money in your environment. Topics 
covered: Terminal Services 2008 

UNDERSTANDING THE MICROSOFT SERVER 
VIRTUALIZATION PORTFOLIO, INCLUDING 
HYPER-V 

MICROSOFT 

Join us for an overview of Microsoft virtualization 
solutions and a vision of where virtualization technologies
and management capabilities are headed.
Understand current market trends in this area, 
which solutions are being virtualized, and the 
opportunities for applying existing IT infrastructure 
investments to different scenarios. Learn how your 
organization can get ahead of the curve by taking 
advantage of the opportunities and resources available
to Microsoft customers and how to think about
the end-to-end life cycle of server virtualization 
deployment in your organizations. 

WINDOWS POWERSHELL: A FIRST STEP ON 
THE PATH TO AUTOMATION 

DON JONES 

Windows PowerShell is Microsoft's new (and first
official) direction for automating Windows and
server administration. But what is PowerShell—a
shell, a scripting language, or something else? How
will PowerShell affect IT professionals' jobs now and
in the future? How can you use PowerShell to
automate administrative tasks, and do you really have to
learn to be a programmer? Windows PowerShell
MVP and author Don Jones addresses these and
many other questions with clear, concise answers
based on more than a decade of experience and
insider information on PowerShell itself. You will...

■ Learn what PowerShell is and where it fits 
into your environment 

■ Learn what PowerShell can and can't do 
today, and what's coming 

■ See real-world administrative tasks automated
in the shell

■ Learn the core skills that make learning and
discovering PowerShell possible

AUTOMATING GROUP POLICY
MANAGEMENT USING POWERSHELL
DARREN MAR-ELIA

In this session, we'll dive into the use of PowerShell
as a mechanism for managing Windows
configuration using Group Policy and related technologies.
We'll look at how you can automate many Group
Policy management tasks using GPMC and
PowerShell, providing real-world examples and
surveying 3rd-party solutions for extending Group
Policy automation using PowerShell.

AUTOMATING THE MODERN WINDOWS 

ENTERPRISE 

DARREN MAR-ELIA 

This session will take a hard look at what it takes to
manage Windows infrastructures from the command
line. How "automate-able" is Windows today and what
are the technologies that facilitate that? Can you
really do everything from the command line or do we still
need those GUIs? We will challenge the notion that
you need a mouse to manage a Windows datacenter,
and show some practical examples of this using
in-the-box technologies.

CLOUD COMPUTING 

KAREN FORSTER 

Applications and services hosted in the "cloud":
something new and revolutionary or just another way
to say "hosted applications" or ASP? One thing is
certain: the landscape is changing, with new capabilities,
new products, new expectations, and an increasing
number of enterprise customers opting to "let go" of
services, such as e-mail and collaboration, that were
once considered prized possessions of the IT
organization. Karen Forster leads this discussion of what's
out there, who's doing what, and whether cloud
computing delivers a silver lining.

CONSUMERIZATION OF IT 
ROMI MAHAJAN 
JOSHUA HOFFMAN
DHARMESH GODHA 

As the pace of change increases in the world of
Information Technology, job-roles, personas,
affinities, and alliances change just as rapidly. Ultimately,
lines of distinction blur between the roles of IT
Professionals and Developers, between
"work-related" technologies and "consumer" technologies,
between work-time, play-time, and home-time. In
addition, there is a strong relationship and even a
causal link between what we think is cool and what
we ultimately buy at home with what we think is
relevant and what we ultimately buy to run our
enterprises. As these lines blur, we find that we are in a
world in which the old distinctions melt: the
Fungible Future is upon us now! Please join a
renowned panel discussing these trends and
helping us all determine what are the next big trends
that disrupt the next steps in the creation of cool.


DESKTOP AND APPLICATION 

VIRTUALIZATION 

ALAN SUGANO 

Virtualization isn't just for servers any more! The
last year has seen explosive growth in the
opportunity and products for desktop and application
virtualization. Remote desktop, virtual machines, blades,
published and applications are among the many
options available to address compatibility,
manageability, and performance requirements for
enterprise productivity. Alan Sugano and other
virtualization experts will lead this discussion of what you
and your colleagues are doing and planning to do in
the area of desktop and app virtualization.

EXPLORING OUT OF THE BOX SOLUTIONS 
WITH SHAREPOINT 2007 THAT BRING 
IMMEDIATE VALUE TO YOUR 
ORGANIZATION 
MICHAEL NOEL 

While SharePoint provides for a highly extensible
architecture to build many different tools to run on
top of the platform, many organizations don't
realize that many of the out-of-the-box capabilities that
require no custom coding can be immediately used
to bring value to an organization. Out-of-the-box
workflows, document management functionality,
freely downloadable site templates, and many other
tools exist to allow a company to hit the ground
running with their SharePoint environment. This
Think Tank session explores many of those
road-tested solutions and focuses on the few simple
rules that can help to quickly build a SharePoint
farm without running into problems expanding it in
the future. Attendees will get a real-world view of
what works and what doesn't work with SharePoint
out of the box, and how they can leverage it as a
tool to improve communications and productivity.

■ Examine some of the out-of-the-box
functionality in SharePoint that can be easily
leveraged to immediately improve processes

■ Learn which common mistakes to avoid when
building a farm so that it can be quickly and
easily expanded in the future

■ Take a look at freely downloadable tools 
that bring immediate value to a SharePoint 
environment 

IDENTITY WITHOUT BORDERS: BRINGING 
THE IDENTITY METASYSTEM TO THE 
ENTERPRISE 
GIL KIRKPATRICK 

Your IT organization is being pulled in two directions.
On the one hand, business continuity and regulatory
compliance concerns force you to "lock down" your IT
processes and systems to improve security. On the
other hand, your business requires your systems to
be more flexible, open, and collaborative with
customers and partners. How can you satisfy these two
conflicting forces? Learn how the Identity Metasystem
model provides a way out of the trap, and how you
can incorporate its principles into your security
architecture to develop systems that are secure,
open, and manageable.

MANAGEMENT 2.0 
ROMI MAHAJAN 

In his book, The Future of Management, renowned
business-thinker Gary Hamel argues that long-term
comparative advantage stems from the creation of an
innovation culture that is itself a product of the
evolution of "Management Technologies." Whereas along
many axes, industry has innovated and re-invented
itself countless times, most companies are still
steeped, according to Hamel, in a hierarchical
management culture that has scarcely evolved beyond
the nineteenth-century theories of Frederick Winslow
Taylor, the father of "scientific management". Further,
that very culture prevents any truly innovative
culture from emerging simply because it does not yield
decent returns on human creativity and capital.
Hidebound hierarchies are anathema to innovation;
and human creativity, when unleashed, is the core
fuel for long-term innovative comparative advantage.
When human creativity is leashed, upwards of 80
percent of workers are not engaged in what they do.
Hamel believed this is not only a business failure but
a moral one as well.

On a subtle level, we in the IT community have to
understand that we've also been given a warning by
Hamel. He argues that management, not IT, is the
source for innovation. IT, after all, can be
commoditized and therefore how can it render comparative
advantage? If IT is not the source of innovation and if
productivity gains, uptime, reliability, quick
on-boarding of new applications and single sign-on (and their
ilk) can't render comparative advantage, then what
indeed are we all so busy worrying about? Come to
this panel to find out why IT can be the source of
innovation if we combine it with the principles of
Management 2.0.

REFINING ACTIVE DIRECTORY DESIGN & 
ACTIVE DIRECTORY ADMINISTRATION 
DAN HOLME 

Enterprises are constantly tasked with increasing the
security, manageability, and audit-ability of their
administrative processes. A refined and
security-focused Active Directory design and administrative
model is a critical enabler for this task. Join Active
Directory design experts and consultants including
Dan Holme for a discussion-based, Q&A-centric
discussion of best practice Active Directory design and
security delegation.

SERVER VIRTUALIZATION 
ALAN SUGANO 

The entry of Microsoft's Hyper-V into the server
virtualization market has increased awareness and
acceptance of server virtualization. But it takes more than a
virtualization technology, such as Hyper-V or VMware
ESX, to make a successful virtualization platform.
Storage, configuration, server placement, network
infrastructure, and management capabilities must be
put together in just the right way. In this discussion,
join Alan Sugano and other virtualization experts,
along with your peers from other enterprises, for an
open discussion of server virtualization.

THE BUSINESS CASE FOR WINDOWS 
SERVER 2008 
GREG SHIELDS 

Windows Server 2008 is now available, but is there
a business case for getting it into the
environment? Just being Microsoft's newest operating
system isn't enough. You need a solid
understanding and ROI on investing the time, cost, and risk to
your environment to make the jump. In this Get
Smart Think Tank, join Greg Shields, author of
Windows Server 2008: What's New / What's
Changed, to discuss and understand the business
impact of making the move to Server 2008. You'll
leave with the tribal knowledge and hard facts you
need to make an informed decision for your own
environment.

USING SHAREPOINT TO REDUCE THE 
BURDEN ON IT AND EMPOWER THE 
BUSINESS 
SHANE YOUNG 

In this discussion we will explore how, using
SharePoint, it is possible for IT to delegate control to
the business. This has great advantages in that IT is
no longer the bottleneck, but with great power
comes great responsibility, so we will also discuss
some of the downsides to over-empowered users.
The goal of this will be to expose the good, the bad,
and the ugly and help facilitate the proper
conversations to help you make solid choices with how
much power to give out.

WINDOWS SECURITY IMPLEMENTATION, 
AUDITING, AND COMPLIANCE: PROCESS, 
TOOLS, AND PROCEDURES TO MEET 
COMPLIANCY REGULATIONS 
DEREK MELBER 
DON JONES 

Come join industry experts Derek Melber and Don
Jones as they drive discussion on how to properly implement,
configure, automate, and audit Windows security for
desktops, servers, domain controllers, services,
applications, and the network. Microsoft has provided all of
the needed security controls; you just need to know
where they are, as well as know which tools can be
leveraged to accomplish the job.

WHAT KEEPS CIOS AWAKE AT NIGHT? 
KAREN FORSTER 

Ever wonder what keeps IT executives up at night, or
makes them awaken in a cold sweat? Join Karen
Forster, IT Group Editorial and Strategy Director for
Penton Media, and other speakers as they facilitate a
group therapy session for execs. More than
"Kumbaya" and group hugs, this is an opportunity to
share your concerns and discover what your peers
are doing to address them.

WINDOWS SERVER 2008 AND WINDOWS 
VISTA: IF NOT NOW, WHEN? 

DON JONES 

You've read the endless media coverage and
doubtless have an opinion of your own: Is Windows Vista
ready for your business? What about Windows Server
2008? Do you need Server Core? If not... when? Bring
your opinions and listen to those of our industry
experts as we explore the upgrade issue from an
objective, all-business perspective. We'll start from
the perspective that no business wants to spend
money or time on anything unless there's value in
doing so, and examine the value offered by
Microsoft's latest operating system versions. Bring
your unique perspective and join in the discussion:
Challenge your assumptions and ours! You will...

■ Gain a new perspective (or validate your 
existing one) on Microsoft's newest 
Windows versions 

■ Get a broader set of concerns and considerations
regarding Windows Vista and Windows
Server 2008

■ Explore often-overlooked advantages and
disadvantages associated with these new
operating systems

KAREN FORSTER, Penton Media

Karen Forster is IT Group Editorial and Strategy Director for
Penton Media's Windows IT Pro, SQL Server Magazine, and System
iNEWS, and was Director of Windows Server User Assistance at
Microsoft. Karen has more than 20 years' experience in
technology and book and magazine publishing. Karen has an MA
in linguistics and English as a foreign language from the
University of Regensburg, Germany. She lived in Germany for 9 years and speaks
fluent German.

DHARMESH GODHA, Advaiya, Inc. 

For over 10 years, Dharmesh Godha (CTO of Advaiya, Inc.)
has helped empower IT organizations to become strategic
assets to the business. Working with companies like
Microsoft, i2 Technologies, Project Assistants, and
International Network Service, Dharmesh has architected
numerous business solutions involving multiple technologies.
He has also worked with IT departments to streamline project executions and
design solutions for integrating various business applications. Most recently,
he has worked with Microsoft and its partners to create a strategy around
using Infrastructure Optimization concepts to build a strategic IT
organization. Dharmesh graduated from the Indian Institute of Technology (Kanpur,
India), where he submitted an award-winning thesis on XML technologies.

As the CTO for Advaiya, Dharmesh closely follows Microsoft's technology
direction and helps align Advaiya's initiatives to the state-of-the-art in
technology and business.

JUSTIN GRAHAM, Microsoft 

Justin Graham is a Senior Technical Product Manager in the
Windows Server Business Group. His responsibilities are
making sure Microsoft's customers and IT Professionals have the
information they need about Windows Server technologies.
Justin is an avid speaker and delivered the Secure and
Trusted Platform demonstration at the Windows Server 2008
Launch in Los Angeles. He has also presented at TechEd and other launches.
Justin has been with Microsoft since 2002. In this time he has been a Senior
Engineer handling critical support escalations and teaching classes around
Windows Server and also as an Account Technology Specialist managing
customer relationships in the New England area.

Prior to joining Microsoft, Justin attended college at Rensselaer Polytechnic 
Institute in Troy, NY where he majored in Information Technology. While there 
he also worked for many startups as well as General Electric and Agilent 
Technologies. 

JOSHUA HOFFMAN, Microsoft 

Joshua Hoffman joined Microsoft in 2001 as a consultant
with Microsoft Consulting Services. After spending four
years advising large commercial, university, and
government clients on IT infrastructure design and engineering,
Joshua joined TechNet Magazine, where he is now the
Editor-in-Chief. You can e-mail him at joshhoff@microsoft.com, or
visit his blog at blogs.technet.com/tnmag.

DAN HOLME, Intelliem, Inc. 

A graduate of Yale University and Thunderbird, Dan has spent
10 years as a consultant and trainer, delivering solutions to
tens of thousands of IT professionals from the most
prestigious organizations and corporations around the world. He
has recently supported Active Directory design and
implementation at enterprises such as Raytheon, ABN AMRO, Johnson &
Johnson, and General Electric. Dan's company, Intelliem, specializes in boosting the
productivity of IT professionals and end users by creating advanced, customized
solutions that integrate clients' specific design and configuration into
productivity-focused training and knowledge management services. From his base in sunny
Arizona, Dan travels to client sites around the world and then unwinds on his
favorite mode of transportation, his snowboard.



DON JONES 

Don Jones has more than a decade of professional
experience in the IT industry. He's the author of more than 30 IT
books, including Windows PowerShell: TFM; VBScript, WMI,
and ADSI Unleashed; Managing Windows with VBScript and
WMI; and many more. He's a top-rated and in-demand
speaker at conferences such as Microsoft TechEd and TechMentor,
and writes the monthly Windows PowerShell column for TechNet Magazine. Don is a
multiple-year recipient of Microsoft's "Most Valuable Professional" (MVP) Award
with a specialization in Windows PowerShell. Don's broad IT experience includes
work in the financial, telecommunications, software, manufacturing, consulting,
training, and retail industries and he's one of the rare IT professionals who can
not only "cross the line" between administration and software development, but
also between IT workers and IT management.


GIL KIRKPATRICK, NetPro

Mr. Kirkpatrick is a 30-year veteran of the commercial
software business, having designed or developed dozens of
successful commercial software products. He is well known as the
founder of the popular Directory Experts Conference, the only
international conference focused on Microsoft Identity and
Access technologies. Mr. Kirkpatrick is the author of the
highly-regarded book Active Directory Programming, and is a frequent contributor to
Windows IT Pro and TechNet magazines. In his current role as Expert-in-Residence at
NetPro, Mr. Kirkpatrick consults on various security, identity, and marketing
projects, and speaks at technology seminars and conferences around the world. Mr.
Kirkpatrick has received the Microsoft Most Valuable Professional (MVP) award for
his work in the technology community each year since 2005.

MICHAEL LEWORTHY, Microsoft 

Michael Leworthy is a Lead Product Manager within the
Windows Server division where he specifically focuses on
providing key scenario solutions such as Virtualization, High
Availability, Web Application Platform and Identity
Management for organizations of all sizes. Over eight years'
experience at Microsoft, including three years within the
Application Platform Division, has enabled him to spend time equally between
infrastructure and developer solutions. This has provided a solid understanding
of the needs of developers, knowledge workers and IT professionals in
organizations of all sizes. Michael attended the University of South Australia where he
studied both B.Eng in Electrical Engineering and B.Sci in Computer Science.




DAVID LOWE, Group Product Manager

David Lowe is Group Product Manager for Windows Server 
with Microsoft Corporation. In this role, he looks after 
product management for Internet Information Services 
and Windows Web Server. David has been with Microsoft 
since 2001, and in this time he has managed Developer 
and IT Professional portfolios for Microsoft Learning, led the 
company's Security Guidance Training efforts, and driven planning for the 
Windows Server 2008 launch. 

Prior to joining Microsoft, David was Senior Lecturer in Internet Technologies at
the Centre for Advanced Technology Training in Dublin, Ireland, where he
specialized in Web development and XML. David holds a Bachelor of Science degree from
University College, Dublin, and he is the author of "BizTalk Server: The Complete
Reference", published by Osborne-McGraw Hill.

ROMI MAHAJAN, Ascentium

Romi Mahajan is Chief Marketing Officer of Ascentium
Corporation, a leading interactive marketing and
technology consultancy. Before joining Ascentium, he spent 7+
years at Microsoft Corporation where his last role was as
Director of Technical Audience and Platform Marketing.

Prior to Microsoft, Romi started two boutique consulting
companies specializing in technology and finance joint ventures between U.S.
and Asian companies. Romi currently serves on a number of industry advisory
boards in the Media and Technology spaces. A well-known and regular speaker
on the technology and media circuit, Romi is on the Executive Customer
Advisory Board of Ziff-Davis Enterprise and has been a panelist at the Windows
Connections, United Business Media Leadership, Microsoft Tech-Ed, Web 2.0,
Interop and other conferences. His articles on technology have been published
in Siliconeer, Silicon India, TechNet Magazine and in a number of proceedings and
journals worldwide.

DARREN MAR-ELIA, SDM Software, Inc 

Darren Mar-Elia is Founder and CTO of Group Policy
solutions company, SDM Software. He has over 20 years'
combined experience in information technology and software
development. He was Sr. Director of Product Engineering at
DesktopStandard (acquired by Microsoft) and prior to that,
served as Chief Technology Officer for Windows management
solutions at Quest Software. He was also a director of distributed systems at
Charles Schwab & Co. and helped guide that company's use of Microsoft
Windows technologies. Darren has written or contributed to 12 books on
Windows management topics and is a Microsoft MVP for Group Policy
technology. He also created the popular gpoguy.com website for information and
utilities related to Group Policy.

DEREK MELBER, BrainCore.Net 

Derek Melber (MCSE, MVP, CISM) is president of BrainCore.Net
AZ, Inc., as well as an independent consultant and speaker, as
well as author of many IT books. Derek educates and
evangelizes Microsoft technology, focusing on Active Directory, Group
Policy, Security, and desktop management. As one of only 8
MVPs in the world on Group Policy, Derek's company is often
called upon to develop end-to-end solutions regarding Group Policy for
companies. Derek is the author of The Group Policy Resource Kit by Microsoft Press,
which is the de facto book on the subject. You can reach Derek at
derekm@braincore.net.


MICHAEL NOEL, Convergent Computing

Michael Noel, MCSE-H, CISSP, MVP: Michael Noel has been
involved in the computer industry for nearly two decades,
and has significant real-world experience helping
organizations realize business value from Information Technology
infrastructure. Michael has authored several major
best-selling industry books translated into 7 languages with a total
worldwide circulation of over 100,000 copies. Significant titles include SharePoint
2007 Unleashed, Exchange Server 2007 Unleashed, the upcoming Windows
Longhorn Unleashed, ISA Server 2006 Unleashed, SharePoint 2003 Unleashed,
and many more. Currently a principal consultant at Convergent Computing in the
San Francisco Bay area, Michael's writings and worldwide public speaking
experience leverage his real-world expertise designing, deploying, and administering IT
infrastructure for his clients.

STEVE RILEY, Microsoft

Steve's career at Microsoft began in 1998 in the
telecommunications practice of Microsoft Consulting Services where he
worked with several ISPs and ASPs to design highly-available
network architectures, develop hosting platforms for various
custom and off-the-shelf applications, and deploy complex multi-site VPNs. His
specialization in security led him next to the security consulting practice, where
he worked with many customers to
conduct security assessments and risk analysis, deploy technologies for attack
prevention and intrusion detection, and assist with occasional incident response
efforts. Steve is now a product manager in Microsoft's Security Business Unit. He
is a frequent and popular speaker at conferences worldwide, often appearing in
Asia one week and Europe the next; Steve's speaking engagements have included
multiple Microsoft TechEds and other conferences, plus SANS, RSA, Black Hat,
Windows IT Pro roadshows, and InfoSec US. When not evangelizing the benefits of
Microsoft security technology, Steve spends time with customers to better
understand the security pain they face and show how some of that pain can be
eliminated. Steve's technical specialties include network and host security,
communication protocols, network design, and information security policies and process.

GREG SHIELDS

Greg Shields is an independent author, speaker, and IT
consultant based in Denver, Colorado as well as a
co-founder and IT guru with Concentrated Technology
(www.concentratedtech.com). With nearly 15 years of
experience in information technology, Greg has developed
extensive experience in systems administration, engineering,
and architecture specializing in Microsoft, virtualization, and systems
management technologies. Greg is a Contributing Editor for Redmond Magazine,
Microsoft Certified Professional Magazine, and Virtualization Review magazine,
authoring regular columns along with numerous feature articles, webcasts, and
white papers. He is also the Resident Editor for Realtime Publishers' Windows
Server Community at www.realtime-windowsserver.com. Greg is also a highly
sought-after instructor and speaker, regularly seen at IT events like
TechMentor, and producing computer-based training curriculum for CBT
Nuggets on numerous topics.

ALAN SUGANO, ADS Consulting Group

Alan Sugano writes the monthly "Networking Perspectives"
commentary for Windows IT Pro UPDATE. He's the president of
ADS Consulting Group, Inc. (ADS), which specializes in
networking, custom programming, Web development, SQL
Server development, and ACCPAC Plus accounting
implementations. Alan frequently delivers talks on network audits,
server selection, network documentation, network management, network
design and topologies, SQL databases, and disaster recovery.


SHANE YOUNG, SharePoint911 

Shane has over 12 years' experience architecting and
administering large-scale server farms using Microsoft
enterprise technologies. For the past three years, he has
been working exclusively with SharePoint Products and
Technologies as a consultant and trainer for
http://www.SharePoint911.com. Shane has been recognized by
Microsoft as an authority on SharePoint and is among an elite group of
Microsoft Office SharePoint Server 2007 MVPs. He has architected SharePoint
solutions for clients ranging from 20 to 50,000 users. Shane is a renowned
speaker at national and international SharePoint conferences. He is also the
author of The Ted Pattison Group's course SPA401: Professional SharePoint
Server 2007 Administration. Shane also maintains a popular
SharePoint-focused blog, http://msmvps.com/blogs/shane, that contains a lot of beneficial
technical information about SharePoint administration.

NEW & IMPROVED


PRODUCT 


Virtualization 

Management 

Embotics Announces
V-Commander 2.0

IT pros who deploy virtualization
solutions often find themselves managing
the virtual sprawl that ensues. To assist
in that task, Embotics' V-Commander
2.0 provides lifecycle and
administrative management for VMs. The updated
software offers enhanced reporting
capabilities (including custom reports),
improved policy options, and
streamlined deployment and configuration.
For more information, contact Embotics
at 613-599-0494 or go to
www.embotics.com.


Virtualization 

Security 


SharePoint 
Server 2008 



VMware's cash reserves,
in billions of dollars.



Diagnose SharePoint Application Errors

To help SharePoint administrators manage and
troubleshoot their environments, AVIcode
introduced the AVIcode SharePoint 2007 Application
Management Pack, which lets Microsoft
System Center Operations Manager 2007
detect problems related to custom
SharePoint applications and ensure that the
server and connected components are
operating properly. The management pack analyzes
the root cause of application errors and correlates
them with key performance counters, providing a
diagnostic view of SharePoint application behavior and
enabling rapid problem resolution.
For more information, contact AVIcode at 443-543-0030 or
visit www.avicode.com.

Archive to the Cloud 

Nowhere is Software as a Service (SaaS)
as readily accepted as it is in the area of
email archiving. To the SaaS email solutions
it's been offering since 1998, LiveOffice
has added LiveOffice Mail Archive. This
service provides email archiving to
businesses of all sizes that need the benefits of
archiving and e-discovery but don't have
the resources for a robust in-house
solution. Mail Archive can help IT staff reduce
storage costs, minimize Help desk calls,
and eliminate the need for PSTs. The
service is available for a flat monthly rate of $8
per mailbox. For more information, contact
LiveOffice at 800-251-3863 or go to
www.liveoffice.com.


Compass Platform
Incorporates IPsec

Expand Networks' Compass platform now
integrates standards-based IPsec on all IP
traffic. One of the strongest encryption
solutions available, IPsec ensures data
integrity and authentication between
offices. Integrating IPsec into Compass lets
Expand Networks offer complete VPN data
protection. Compass supports Advanced
Encryption Standard-128 (AES-128),
AES-192, and AES-256 encryption
standards. For more information, contact
Expand Networks at 888-892-1250 or go to
www.expand.com.


Seanodes Unveils Exanodes Virtual 
Machine Edition 

Server storage virtualization vendor
Seanodes has announced Exanodes Virtual
Machine (VM) Edition, a new product that
lets IT pros consolidate OS and application
storage onto a virtual SAN. VM Edition
integrates with existing server virtualization
solutions and can leverage virtualization
technology to convert DAS into NAS.
Exanodes VM Edition starts at $500 per
terabyte and is available now. To learn
more, contact Seanodes at 866-580-5515
or visit www.seanodes.com.

Large Software Updates 
PCTune-Up 

Large Software's PCTune-Up software is
now compatible with the latest Windows
service packs, Windows Vista SP1 and
Windows XP SP3. PCTune-Up provides system
and registry scanning, backup, and repair;
registry defragmentation; and optimization
tools to clean and speed up clogged or
sluggish PCs. For more information,
contact Large Software at 619-990-3830 or visit
www.largesoftware.com.



Image Editing Tool 
Becomes Freeware 

SibCode has released Sib Icon Editor 4.0,
an image editing tool that inhabits the
niche between Paint and Adobe
Photoshop. The new version is offered under a
freeware license. Sib Icon supports 16- and
256-color images and provides
alpha-channel support for 32-bit graphics to
create images with no jagged edges. Tools for
smoothing, inverting, and colorizing images
are also available, in addition to the typical
pen, spray, brush, and bucket tools. Icon
Editor can save images in .ico, .icpr, .bmp,
.jpeg, and .png formats and can convert
Mac icons into Windows format. To learn
more, contact SibCode at support@sibcode.com
or visit www.free-icon-editor.com.

Continuing its Microsoft Technology
Series, Addison-Wesley Professional
plans to release The Complete Guide
to Windows Server 2008 by the end
of September. Author and Windows
IT Pro contributing editor John Savill
covers Server 2008 deployment
planning, implementation, and management
and highlights the OS's new
features, including Server Core and
Hyper-V. Based on the Server 2008
final release code, the book devotes
an entire chapter to troubleshooting
Server 2008 and Windows Vista environments;
a "how to" index helps readers locate answers to commonly asked
questions. The Complete Guide to Windows Server 2008 can be pre-ordered at Amazon.com
and other major bookstores.


Open-E Announces 
VMware Certification 

Storage management software provider 
Open-E has announced that its Data Storage
Server (DSS) IP-storage OS has been
certified to work with VMware ESX Server
3.5. According to Open-E, DSS is an "all-in-one,
fourth generation operating system
software solution for centralized IP-storage 
management, combining full NAS and iSCSI 
SAN functionality." For more information, 
call 770-881-7680 or visit www.open-e.com. 

InstantDoc ID 99749 


Protect IIS from Attack 

The latest version of Privacyware's 
ThreatSentry, a web application firewall 
and intrusion-prevention solution for 
Microsoft IIS, bumps up protection against 
SQL-injection, cross-site-scripting, and
other types of web application and database
attacks. ThreatSentry detects and
blocks known and new attacks, as well
as unwanted web application traffic. The
product also aids compliance with Section
6.6 of the Payment Card Industry Data
Security Standard. For more information,
contact Privacyware at 732-212-8110 or
visit www.privacyware.com.
REVIEWS



Palm Treo 750 

Following is a summarized review of the Palm
Treo 750. To read the full-length version of this
review, go to www.windowsitpro.com and enter
InstantDoc ID 99719.


With the increasing business use of the 
smart phone in mind, I checked out the 
Palm Treo 750 to see how it might benefit 
systems administrators. Palm has set aside 
its Palm OS in favor of Windows Mobile 5.0,
making it particularly interesting for Windows
IT pros.

The quad-band Treo 750 runs Windows
Mobile 5.0 Pocket PC Phone Edition. It features
third-generation technology (3G) and
supports Bluetooth 1.2. The device uses
Microsoft Outlook Mobile and ActiveSync, so
you can sync it with Outlook and—thanks to
Microsoft's Direct Push Technology—receive
push email from your business account. It
also synchs with POP3/IMAP accounts. The
embedded Microsoft Office Mobile application
lets you view and edit Microsoft Excel,
PowerPoint, and Word documents. The
threaded Short Message Service (SMS) chat
client, which lets you view SMS messages
in easy-to-follow IM conversation style, is
impressive. Another nice feature is the ability
to decline incoming calls and send a
template-based text response.

The Treo 750's 2.5" touch screen is big
and bright, but I admit to a certain clumsiness
while using the device's diminutive
keyboard. The full-fledged QWERTY keyboard
is nice, but I couldn't muster the dexterity
and needle-sharp aim necessary to
use it, so I took advantage of the included
stylus and the easily accessible, onscreen
keyboard.

Call quality is impressive. Equally fine is 
the device's fluid responsiveness to touch 
and to stylus. However, the Treo 750's battery
life is a concern. According to Palm,
the device's removable 1200mAH battery 
provides as much as four and a half hours 
talk time and 10 days standby. In my tests, I 
averaged about four hours talk and a week 
standby—and those stats seem low. 

I spent a great deal of time navigating 
Office applications on the smart phone. I 
don't have a lot of experience working on a 
240 x 240-pixel screen, so it's with that caveat 
that I admit to frustration while navigating 
files. 

Synchronization with my desktop email 
and calendar was seamless. When receiving 
a call, I could create a new contact for that 
caller, and the contact synchronized with 
Outlook effortlessly. 

Overall, I'm impressed with the business 
usability of the Treo 750. It's a sleek, spiffy 
device that will quickly become essential to
your day-to-day administrative lifestyle.

InstantDoc ID 99719 


Palm Treo 750 

PROS: Runs on Windows Mobile; Direct Push
Technology is a boon for administrators; embedded
Office Mobile apps provide seamless integration
with your office environment

CONS: Lacks built-in Wi-Fi; lurks at the low end 
of the battery-life spectrum 

RATING: 

PRICE: $529 

RECOMMENDATION: Palm's embrace of
Windows Mobile has made the Treo 750 a top-tier
choice for the IT pro—as long as you make
it Wi-Fi-capable and keep an eye on your battery
life.

CONTACT: Palm • www.palm.com •
408-617-7000 • 866-373-9162
SUMMARIES of in-depth product reviews
on Paul Thurrott's SuperSite for Windows

Mozilla Firefox 3.0 

PROS: Big browser update with lots of functionality
and security improvements

CONS: Not as easily managed via Group Policy 
as is Microsoft Internet Explorer 

RATING: 44444 

RECOMMENDATION: Mozilla Firefox 3.0 
is the fastest, safest, and most feature-rich 
web browser available on any platform, and I 
recommend it to all individuals. Corporations 
face a different proposition, however: Firefox 
3.0 isn't as easy to deploy or manage via Group 
Policy as Microsoft Internet Explorer (IE), and 
it might not be compatible with IE-based
intranet sites. That concern aside, though, I recommend
Firefox 3.0 without hesitation, as it's
one of those very rare, nearly flawless software 
products and a key tool in my own personal 
computing arsenal. 

CONTACT: Mozilla • www.mozilla.com 

DISCUSSION: www.winsupersite.com/reviews/firefox3.asp

Windows Server 2008 Hyper-V RTM 

PROS: Free with Windows Server 2008; 
supports legacy Microsoft Virtual Hard 
Disk-based virtual machines; large-memory 
support; can be installed in Server Core 

CONS: Unproven new technology; not as 
mature or well-supported as VMware's products 

RATING: N/A 

RECOMMENDATION: Microsoft's near-bare-metal
virtualization technology places
Windows Server Hyper-V squarely in VMware's
crosshairs as a viable virtualization solution.
Add Hyper-V to Microsoft's surprisingly rich
set of virtualization products—including
Terminal Services (presentation virtualization),
Application Virtualization (formerly SoftGrid),
document redirection and offline files (profile
virtualization)—and System Center centralized
management products, and you've got a
comprehensive solution. Hyper-V is ready for
business.


CONTACT: Microsoft • www.microsoft.com • 
800-426-9400 
dtSearch 7 Desktop with Spider

The index is mightier than the sword 


I admit it: I've been a skeptic of indexing
and desktop searching solutions. I've
installed solutions from Google, Microsoft,
and others in the past but haven't been all
that impressed—mostly because I've been
annoyed by application performance and
the lack of control over what gets indexed
and when. But dtSearch has made this skeptic
a believer by providing easy-to-manage
indexes and blazingly fast search functionality
all rolled into one nice, tidy bundle called
dtSearch 7 Desktop with Spider.


Easy Index Setup 

Setup and installation of dtSearch is 
straightforward and painless. I also found 
that I didn't need the Quick Start material in 
the accompanying documentation because 
dtSearch is very intuitive. Creating indexes is 
actually a treat. Instead of using a treeview 
structure representing drives, folders, and 
files that you either include or exclude in an 
index, dtSearch takes a cleaner approach
in which you explicitly add desired endpoints—be
they files, folders, or websites.
Adding these endpoints is simple, and
dtSearch gives you excellent control over
spidering options (e.g., how many links
deep to spider, which external links, if any,
to follow). Best of all, dtSearch realizes that
you might need to create different indexes
for different purposes and lets you create
multiple indexes as needed. I also find it
refreshing that dtSearch offers full control
over when indexes will be populated (or
updated) and lets you change compression
and filtering options to help fine-tune
indexes as needed.

Testing dtSearch 

To put dtSearch through its paces, I pointed
it at a motley assortment of documents,
code, projects, and various other bits and
bytes that I've been dragging around for
years—including a large number of compressed
(or zipped) folders and archives.
Altogether, this bunch of data comprised
over 40,000 files and took
up more than 30GB of
disk space. Then, to make
things a bit tougher, I
forced dtSearch to index
this information over the
network by exposing it
as a mapped drive on my
test machine. Indexing
this mess took less than
90 minutes, but when it
was done I was amazed
at the kinds of things
that dtSearch ended up
indexing. Of course, I
didn't really appreciate
this benefit until I started
searching for various terms, phrases, words,
and patterns. That's when it became apparent
how much power I had at my fingertips.

I was also impressed at how quickly my 
search results came back: no lag, no wait— 
just instant results. 

The only slightly negative thing I can
say about dtSearch is that the search interface
initially seems just a tad cluttered,
as Figure 1 shows; this clutter is mostly
because the application seems bent on
displaying every possible search option
to make sure users find what they're looking
for. In retrospect, I wonder whether I
just didn't have enough data to be able
to harness all the search capability that
dtSearch provides. In other words, if I had
a few hundred gigabytes (or a terabyte
or two) of data and documents, I'm sure
that the seemingly cluttered UI wouldn't
be an issue. In fact, after I used dtSearch
for about one hour to see if it would slow
down, the UI really started to make a lot of
sense—to the point that I was very comfortable
with it despite its appearance.

Best for Complex Searches 

My final analysis of dtSearch is that although 
it's powerful enough to meet casual desktop 
search needs, it's really targeted at users who 
need to instantly navigate mountains of 
data and documents. As such, dtSearch is a 
little overpriced for casual or simple searches 
(unless you're a total control freak like me). 

But for anyone surrounded by mountains of
data and documents, dtSearch is a must-have
solution that truly proves that the index is
mightier than the sword.

InstantDoc ID 99814 


dtSearch 

PROS: Provides full control over indexing 
options, times, and managed content; offers 
excellent indexing options and searches many 
types of data (files, folders, websites, Outlook, 
and—using APIs—databases); provides instant 
search results 

CONS: Search interface is a bit cluttered; 
doesn't let you change the storage location of 
existing indexes; lacks ability to export index 
definitions 

RATING: ♦♦♦♦♦ 

PRICE: Starts at $199 for a desktop license. 
Volume licensing is also available, and dtSearch 
provides other solutions that can be integrated 
with the product's core search functionality. 

RECOMMENDATION: dtSearch is geared 
toward users who really need to search large 
numbers of documents and data, and for users 
who need complete control over indexing 
and search functionality. If you routinely need 
to navigate lots of documents and data in a 
hurry, I recommend dtSearch as a must-have 
solution. 

CONTACT: dtSearch • 301-263-0731 • 
www.dtsearch.com 
Figure 1: Index creation and spidering options
Instant Messaging Headaches

Keeping tabs on a modern workforce's diverse communication tools can be a daunting
task. Most enterprises struggle not only with email and voice messaging but also with
managing faxes, e-faxes, and file attachments. And now instant messaging (IM)—and to
a lesser extent, mobile-device texting—is becoming yet another communications medium
for IT pros to manage.

IM can be a powerful productivity tool. A 2004 study by the Radicati Group—a technology
research firm based in Palo Alto, California—suggested that IM use in the enterprise would increase
dramatically from 2004 to 2008, estimating that 45.8 billion instant messages would be exchanged on 
a daily basis by 2008. A more recent 2007 IM study from Gartner predicted that "by the end of 2011, 
IM will be the de facto tool for voice, video, and text chat, with 95 percent of workers in leading global 
organizations using it as their primary interface for real-time communications by 2013." The Gartner 
report continued, "The worldwide market for enterprise IM is forecast to grow from $267 million in 
2005 to $688 million in 2010." 

All this growth translates to more work for IT pros. But with a good understanding of the risk factors 
and pain points associated with deploying and managing IM solutions—and a few good products to help 
with the workload—you can avoid most IM headaches. 



Points to ponder and problems to avoid in an IM environment

by Jeff James


Lay the Foundation 

As with most complex projects, spending plenty of time in the planning and policy-creation phase can 
help you avoid painful migraines and career-crippling cost overruns. "You really need to get a handle on 
the human aspect of [your IM environment] first," says Don Montgomery, vice president of marketing 
at Akonix, a provider of email and IM management and security products. "IM can be a productivity-enhancing
communications medium, but you need to enact—and enforce—policies that will make the
system work efficiently. Almost every organization has corporate policies with regards to email usage, and 
many of those policies are transferable to IM communications." 

Montgomery also suggests that IT pros think carefully about how they plan to integrate IM communications
within their infrastructures. "There are companies that have started implementing IM with the
assumption that they could automatically use existing firewalls and intrusion detection system (IDS)/
intrusion prevention system (IPS) products to secure their IM channel, but that assumption is incorrect,"
says Montgomery. "You might need purpose-specific devices that are created to manage IM in your environment.
You can't assume that an existing email security solution will also cover your IM channel."

Finally, Montgomery stresses that you should look at IM holistically, as an important part of a communications
infrastructure that includes email, e-faxes, digital voice, and potentially VoIP and other
technologies. "IM shouldn't be treated as an island. It should be treated as a vital part of your messaging 
infrastructure but should also integrate and coexist efficiently with your existing solutions." 

Howard Lev, Symantec's group product manager for compliance and security management, agrees that
getting various groups within an organization to think about IM can sometimes be a challenge. "Sometimes
there's a separation of responsibility that can create problems when it comes to creating an effective IM
communications policy," says Lev. "You have
email people, then security people, and then
the legal team. All these individuals might be
focused on solving tasks in their own areas,
but for a digital communications policy to
be effective, those people need to break out
of their silos, pull the blinders off, and work
together."

The Four IM Pain Points 

Montgomery suggests that IT pros keep
four potential problem areas in mind when
dealing with IM deployment: security, compliance,
confidential-data loss, and inappropriate
usage. You'll find vulnerabilities in
each of these areas, and you must approach
each with the same level of attention that your
traditional communication channels receive.

Security. One of the biggest challenges
with an IM infrastructure is simply keeping
the channel secure. Although email receives
the lion's share of spam, viruses, malware,
phishing attempts, and other threats, IM
gets its share. "IM is yet another conduit or
attack vector for hackers to deliver malicious
code [into the enterprise]," says Montgomery.
"Many hackers use social engineering
to increase the odds that their attacks will
be successful." Attackers can send a user an
instant message that appears as if it's coming
from a friend, coworker, or other trusted
source, and that message might contain a
spoofed link—what Montgomery refers to as
a "poison URL"—that can download malicious
content to a client PC.

According to Montgomery, the growth of
IM security threats has gone through numerous
stages, similar to how problems emerged
with email. Most initial threats were nuisance
threats, or what Montgomery calls "hacker
glory"—that is, attacks primarily designed
to make the attacker look cool to his or her 
peers, essentially the digital equivalent of 
subway graffiti. Over time, those attacks have 
become more sophisticated and malevolent, 
presenting an increasing threat to IT pros. 

A number of vendors provide IM security
solutions designed to protect the IM channel
from malicious attacks, including Akonix
(A-series appliances), Barracuda Networks
(Barracuda IM Firewall), FaceTime Communications
(IM Auditor), Sunbelt Software
(Counterspy Enterprise), and Symantec (IM
Manager and Symantec Mail Security). For
a more in-depth list of IM security vendors,
check out the sidebar "IM Security Vendors,"
and for another vendor's unique solution
to IM security, read the sidebar "Maxwell
Smart? Your IM Is Ready," page 66.

Compliance. Most federal and state
laws consider instant messages to be electronic
communications, so IT pros must
ensure that their IM deployments fully 
comply with all those laws. Many large 
companies need to produce IM messages 
in response to legal e-discovery requests, 
so the ability to archive and quickly recover 
specific messages is a must. 

"The majority of our customers are really
concerned about IM compliance issues,"
says Lev. "They want to be able to capture
all their IM messages, log them, and easily
search an archive database when they get an
e-discovery request. They also need to ensure
that their IM communications comply with a
host of federal and state regulations concerning
email usage, including Sarbanes-Oxley
and HIPAA." Symantec sells an Information
Foundation Bundle that offers the ability to
archive IM traffic through Symantec Enterprise
Vault, the company's email-archiving
and -retention tool.

A host of rules and regulations govern
electronic communications. IT managers
and CIOs—especially at large enterprises—
would be well advised to be on a first-name
basis with corporate counsel and their
finance executives. "All these regulations can
require a lot of different things, including
retaining the content of those messages. IM
is an electronics communication medium,
and the company that provides that service
to its employees bears the liability," says
Montgomery. That liability can even extend
to personal IM accounts that employees use
at work. "The [IM provider] isn't relevant, but
the role of the person and the nature of the
communication is."

Montgomery points to a number of
regulatory bodies—ranging from financial
services (Financial Industry Regulatory
Authority—FINRA), the energy industry
(Federal Energy Regulatory Commission—
FERC, North American Electric Reliability
Corporation—NERC), and general oversight
by the Securities and Exchange Commission
(SEC) for large companies—that can affect
the way you manage and archive instant
messages. The moral of the story is clear: IM
is a vital part of a communications infrastructure,
and you must operate it in compliance
with the same rules and regulations that govern
other digital communications methods.

Vendors that can help you ensure that
your IM channel complies with required regulations
include Akonix (L7 Enterprise Suite),
FaceTime Communications (IM
Auditor), and Symantec (Symantec
Mail Security, Information
Foundation Bundle/Enterprise
Vault, and Vontu Data Loss
Prevention).


IM Security Vendors

Akonix
Tel: 619-814-2300
Fax: 619-814-2360
Web: www.akonix.com

Barracuda Networks
Tel: 408-342-5400
Fax: 408-342-061
Web: www.barracudanetworks.com

FaceTime Communications
Tel: 650-631-6300
Fax: 650-598-2820
Web: www.facetime.com

Microsoft
Tel: 800-642-7676
Web: www.microsoft.com

Presensoft
Tel: 713-493-0108
Fax: 713-493-0109
Web: www.presensoft.com

Sigaba
Tel: 650-572-6100
Fax: 650-572-6101
Web: www.sigaba.com

Sunbelt Software
Tel: 727-562-0101
Fax: 727-562-5199
Web: www.sunbeltsoftware.com

Symantec
Tel: 408-517-8000
Fax: 408-517-8186
Web: www.symantec.com


Maxwell Smart? Your IM Is Ready

If you're looking for a more secure way to create (and view) instant messages,
developer BigString has a solution for you. The company has developed a new IM application that can leverage
existing IM clients—such as AOL's AIM, Yahoo's Messenger, MSN's Messenger, and Google's Gtalk—to
send IM messages that vanish after a set period of time.

According to BigString, the patent-pending IM technology lets users send instant messages that self-destruct
after they're read. Screenshot utilities can't capture, log, or otherwise copy them. The service doesn't
leave copies of messages on any server or client machine, and you can specify self-destruct intervals to be
anywhere from a few minutes to a few hours.

In its product announcement, BigString touted its product's ability to work with existing IM clients. "Our
new web-based IM makes it very easy for IM users to have private conversations with current IM buddy
lists without having to switch to a new service," stated Darin Myman, president and CEO of BigString. "Our
strategy to quickly grow our IM
user base revolves around creating
unique applications that
leverage the tens of millions of
existing IM users."

For information about BigString
and its IM technology,
visit www.bigstring.com.

InstantDoc ID 99737


Confidential-data loss. What about
securing IM from inadvertent data loss by
careless employees? IM was primarily driven
into the workplace by employees using their
personal IM accounts, which often weren't
managed or secured by corporate IT departments.
That situation has changed over the
past few years, but ensuring that employees
follow company guidelines can still be a
significant challenge. "With IM, businesses
have created another means for employees
to communicate outside the company,
which means you have another way to lose
confidential information," says Montgomery.
"Many companies in technology industries
compete in their respective markets on the
strength of their patents and intellectual properties,
so keeping that information secure is
vitally important. It's easy to send a video clip
or detailed drawing of a new product via IM."

Symantec makes several products
that help keep tabs on vital company
information, including Vontu Data Loss
Prevention. It includes two modules: Network
Monitor, which can track information
within your organization, as well as
who it's sent to, and Vontu Network Prevent,
a product that can prevent sensitive
information from leaving an organization.
Akonix provides its L7 Enterprise Suite,
and FaceTime's IM Auditor can help keep
tabs on IM traffic.

Inappropriate usage. A final, often
overlooked potential IM pain point for
IT pros is employees' inappropriate IM
usage. Because some users believe IM
traffic isn't tracked or monitored as closely
as email messages are, they often use
IM for inappropriate purposes. "A recent
study revealed that 31 percent of employees
are harassed by other
employees at work over IM,"
says Montgomery. "When
you consider that some IT
researchers believe that some
50 million workplaces use IM,
that translates into some 15
million lawsuits just waiting
to happen. Again, the company
provides the IM communication,
so the company
bears liability for the content
of that IM communication."

Content that should raise
red flags includes hostile,
offensive, and harassing content
and the "seven words you can't
say on TV" (popularized by
the late George Carlin),
as well as other
inappropriate material.
Products that
can help you screen
your IM traffic for
inappropriate usage
include Akonix'
L7 Enterprise Suite
and FaceTime Communications'
IM Auditor.

No More Headaches?

As IM becomes a
more integral part of
the enterprise communications
infrastructure, some of these IM
pain points will be alleviated. That said, new
communications technologies will undoubtedly
emerge, and the stalwart IT pro will be
called upon to deploy, manage, and secure
any new communications channel. But as this
discussion has revealed, an IT pro armed with
the right planning, a toolbox of good products,
and a willingness to embrace change will be
well positioned to face the challenge.

InstantDoc ID 99735 


Jeff James
(jjames@windowsitpro.com)
is senior editor, products, for
Windows IT Pro and SQL Server
Magazine. He specializes in virtualization
and terminal services
and has over 15 years of experience
as a writer and digital-content
producer.



SEPTEMBER 2008 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 





















BUYER'S GUIDE

OS and Application Deployment Tools

by Sheila Molnar

Before a rollout, investigate
tools that could save you time
and effort

To make rollouts easier for large and midsized organizations,
Microsoft and third-party vendors offer an
assortment of deployment toolsets. The Microsoft 
Deployment Toolkit (MDT) 2008 is useful for combined 
OS and application rollouts. Windows Deployment 
Services (WDS) is geared toward deploying an OS to 
remote sites. Windows System Image Manager (Windows SIM) lets 
you create and manage unattended configuration files and add or 
delete optional components within an existing OS image. 

If you have a complex deployment of Microsoft and non- 
Microsoft OSs, you might want to consider a third-party deployment 
product. For a look at the features of both Microsoft and third-party 
deployment products, see the buyer's guide table on page 68. 

Deployment Choices: MDT 

MDT supports many Microsoft OSs and applications. It offers 
a common console from which you can perform desktop and 
server deployments. MDT provides one path for image creation 
and automated installation and helps decrease deployment 
time and service disruptions, standardize images, and improve 
security and configuration management. MDT uses Microsoft 
System Center Configuration Manager 2007 with its Zero Touch 
Installation technology. 

Although MDT's written guidance is extensive, some users
find the MDT documentation daunting. Rhonda Layfield, who has
written extensively about deployment in Windows IT Pro, recommends
jumpstarting your deployment by first finding a practical,
how-to article to help you get MDT up and running quickly (for
more information, see the online Learning Path box at InstantDoc
ID 99779).

WDS 

WDS is geared toward enabling remote Windows OS deployments. 
WDS lets you set up clients over the network rather than installing an 
OS directly from a CD-ROM or DVD. If you're planning to use WDS, 
Layfield recommends that you run WDS and create boot and install 
images on a Windows Server 2008 system, if possible, so that you 
can benefit from WDS's new multicast functionality. 

Additionally, Layfield recommends storing 32-bit and 64-bit
images in different image groups. If they're stored in the same image
group, she says, "single-instancing can't do its job." The architecture
of 32-bit images is different from that of 64-bit images, so if both
image types were stored in the same group, they'd consume more
disk space than if stored separately. Layfield also says that, when
using WDS, it's important to use the Microsoft-supplied Windows
Preinstallation Environment (WinPE) version (which looks for setup.exe
and presents a list of OS images to choose from), rather than
create your own WinPE.

Windows SIM 

Windows SIM lets you create and manage Windows Setup answer
files, which are XML-based files that Windows Setup uses to configure
and customize a default Windows installation. Use Windows
SIM to validate answer-file settings against a Windows image file. 
Layfield says that, when using Windows SIM, you should copy over 
the install.wim file from a Windows Vista or Server 2008 DVD onto 
a local drive when you start an OS deployment. 

Third-Party Tools 

Third-party deployment products have a price tag, whereas Microsoft's
deployment tools are free, but third-party products offer the
benefit of customization, and some products handle deployments of 
non-Microsoft OSs, such as Linux, in addition to Windows—a useful 
feature for organizations with heterogeneous environments. 

Some vendors also tout the fact that their rollouts won't slow 
other network traffic during deployment. Peter Kinch, product
marketing manager at ManageSoft, an OS and application deployment
tool vendor, offers this advice: "When deploying [OSs or
applications] to your IT infrastructure, know what all the devices are on your
network. You can leverage AD [Active Directory] to help find devices 
on your network, but you have to assume that there are devices you 
won't be able to find by using AD alone." 

Even if you use a deployment tool, a large OS or application
rollout still isn't a simple operation. Nevertheless, the automation these
tools provide is a welcome advance over manual deployments. 

InstantDoc ID 99779 


SHEILA MOLNAR (smolnar@windowsitpro.com) is
a Windows IT Pro senior editor and lead editor for SQL
Server Magazine. She's also responsible for editorial 
strategy on WinDevPro.com, the developer website. 
Formerly, she managed SDK and IT pro content teams at 
Microsoft. 



www.windowsitpro.com 


We're in IT with You 


Windows IT Pro 


SEPTEMBER 2008 67 







PRODUCTS

DEPLOYMENT TOOLS

Buyer's guide table compiled by Jeff James.

| Company | Product | Pricing | OS Deployment? | Application Deployment? | VM Deployment? | Management System Integration? | Migration: User Data?/App. Settings?/Config. Settings? | n-Tier Deployment? |
|---|---|---|---|---|---|---|---|---|
| Acronis (877-669-9749, 781-222-0920, www.acronis.com) | Acronis Snap Deploy 3 | PC $19.99; server $99.99 | Any x86-based OS | No | Yes | No | Yes/Yes/Yes | No |
| CA (800-225-5224, 631-342-6000, www.ca.com) | CA IT Client Manager | $75/managed node; volume discounts | Windows (Vista/XP), Linux (Red Hat/SUSE) | Yes | No | Microsoft Systems Management Server, other CA apps | Yes/Yes/Yes | Yes (3-tier) |
| CA | CA Plex | $6,000 per developer seat | Windows/.NET, Java/J2EE, IBM Power Systems (i5/OS, OS/400) | Yes | Yes | No | Yes/Yes/Yes | Yes |
| CA | CA Gen | Variable | Windows XP, Linux | No | No | No | No/No/No | Yes |
| EMCO Software (+354-861-1175, www.emco.is) | EMCO MSI Package Builder, Enterprise Edition | $595 per administrator license | No | Yes | No | No | Yes/Yes/Yes | No |
| EMCO Software | EMCO Remote Deployment Kit | $595 per site license | No | Yes | No | No | No/No/No | No |
| HP (800-474-6836, 650-857-1501, www.hp.com) | HP Client Automation | Variable | Windows (Vista, XP), Linux, HP thin-client devices | Yes | Yes (VMware ESX Server) | Yes (Any SNMP-compatible system) | Yes/Yes/Yes | Yes |
| KACE Networks (650-316-1050, 877-646-8366, www.kace.com) | KBOX Systems Management Appliance | Begins at $4,900/appliance | Windows (Vista, XP, 2000, Server 2008/2003), Mac, Solaris, Linux | Yes | Yes | No | No/Yes/Yes | Yes |
| ManageSoft (800-441-4330, 617-532-1600, www.managesoft.com) | Enterprise Deployment Suite | Variable per managed device | Windows (Vista, XP, 2000, Server 2008/2003) | Yes | Yes | Microsoft Operations Manager, newScale | Yes/Yes/Yes | Yes |
| Microsoft (800-508-8454, www.microsoft.com) | System Center Configuration Manager 2007 | Variable | Windows (Vista, Vista SP1, XP, Server 2008/2003/2000) | Yes | Yes | Yes | Yes/Yes/Yes | Yes |
| Scriptlogic (800-813-6415, 561-886-2400, www.scriptlogic.com) | Desktop Authority | $9/desktop + $10.30/desktop for patching option | Managed by Desktop Authority Image Center | Yes | No | System Center Configuration Manager | Yes/Yes/Yes | No |
| Scriptlogic | Desktop Authority Image Center | $15.45/desktop | Windows (Vista, XP, 2000, 98, ME, NT 4.0, Server 2008/2003) | Managed by Desktop Authority | No | No | Managed by Desktop Authority | No |
| Symantec (800-745-6054, 408-517-8000, www.symantec.com) | Altiris Deployment Solution | Client node $47; server node $173 | Windows (Vista, XP, 2000, Server 2008/2003), Mac, Linux | Yes | Yes | Altiris Client Management Suite; Altiris Server Management Suite | Yes/Yes/Yes | Yes |
| Symantec | Symantec Ghost Solution Suite 2.5 | $39.20 per license | Windows (Vista, XP, 2000, Server 2008/2003), Mac, Linux | Yes | Yes | Altiris Client Management Suite | Yes/Yes/Yes | No |
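DEPLOYMENT TOOLS (continued)

| Product | Logical Volume Support? | Remote Management? | AD Integration? | Group Policy Integration? | System Cloning? | Types of Deployment Images | Deploy .NET Framework? | Deploy Java Runtime? | Deploy Patches to Apps? OSs? | Able to Inventory Software? Hardware? Licenses? |
|---|---|---|---|---|---|---|---|---|---|---|
| Acronis Snap Deploy 3 | Yes | Yes | No | No | No | .tib | No | No | Yes/Yes | No/No/Yes |
| CA IT Client Manager | Yes | Yes | Yes | Yes | No | .wim, file-based, Symantec Ghost (.gho) | Yes | Yes | Yes/Yes | Yes/Yes/Yes |
| CA Plex | Yes | Yes | No | No | No | n/a | Yes | Yes | Yes/Yes | No/No/No |
| CA Gen | No | No | No | No | No | n/a | Yes | Yes | No/No | No/No/No |
| EMCO MSI Package Builder, Enterprise Edition | No | No | No | No | No | .msi packages | Yes | Yes | Yes/No | Yes/No/No |
| EMCO Remote Deployment Kit | No | Yes | No | Yes | No | Files/registry copy, merging, .exe, install/uninstall | Yes | Yes | Yes/Yes | Yes/Yes/No |
| HP Client Automation | Yes | Yes | Yes | Yes | Yes | .wim | Yes | Yes | Yes/Yes | Yes/Yes/Yes |
| KBOX Systems Management Appliance | Yes (100-8,500 nodes) | Yes | Yes | Yes | Yes | .msi, .exe, .zip, .pkg, .app, .dmg, .tgz, tar.gz, .rpm, .bin, pkg.gz | Yes | No | Yes/Yes | Yes/Yes/Yes |
| Enterprise Deployment Suite | No | Yes | Yes | Yes | Yes | .wim, Ghost, Acronis | Yes | Yes | Yes/Yes | Yes/Yes/Yes |
| System Center Configuration Manager 2007 | Yes | Yes | Yes | Yes | Yes | .wim | Yes | Yes | Yes/Yes | Yes/Yes/Yes |
| Desktop Authority | No | Yes | Yes | Yes | No | n/a | Yes | Yes | Yes/Yes | Yes/Yes/Yes |
| Desktop Authority Image Center | Yes | Managed by Desktop Authority | No | No | Yes | Desktop Authority Image Center files | Managed by Desktop Authority | Managed by Desktop Authority | Managed by Desktop Authority | Managed by Desktop Authority |
| Altiris Deployment Solution | Yes | Yes | Yes (Authentication) | No | Yes | .img, .gho, .vmdk, PowerQuest V2i, .wim | Yes | Yes | Yes/Yes | Yes/Yes/No |
| Symantec Ghost Solution Suite 2.5 | Yes | No | No | No | Yes | .gho, .vmdk, .pqi, PowerQuest V2i | Yes | Yes | Yes/Yes | Yes/Yes/No |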
INDUSTRY BYTES


■ Virtualization ■ IT Careers 

■ Green Computing ■ Security 


INSIGHTS FROM THE INDUSTRY 


What's Hot: Reader Review

READER: Brian Haugli, IT manager
PRODUCT: Parallels Virtuozzo Containers 3.51

As the IT manager for Resolvit, an IT and
management consulting firm, Brian Haugli
was looking for an economical way to
virtualize some of his company's assets.
He tested virtualization products from
several vendors. "We did test XenServer,
Microsoft Virtual Server, and VMware ESX
Server. We realized that the majority of our
infrastructure was running on Windows, so
we [looked at] Parallels Virtuozzo Containers
3.51, an OS virtualization product," says
Haugli.

Because Virtuozzo Containers virtualizes
only the OS—not the underlying
hardware—the footprint on the server is
reduced. "The OS, when virtualized, is only
200MB.... [Virtuozzo Containers] lets us
get away with using fewer resources, from
memory utilization to hard-disk space
and CPU utilization," says Haugli. He estimates
that OS virtualization has helped his
department trim costs and cut expenses
significantly. "When you add up all the savings
on hardware costs, energy costs, and
man-hours, we've saved a bundle—close
to $100,000 in 2007 alone."

Haugli wishes that the template process
Virtuozzo uses to create new virtual
servers was more flexible, but that hasn't
stopped him from using virtualization
in just about every aspect of his IT infrastructure.
"All of our SQL databases are
virtualized (other than one for BlackBerry
support), as is SharePoint, HR software, and
other applications."

With some estimates stating that
roughly 7 percent of existing servers are
taking advantage of virtualization technology,
the industry still has lots of growth
ahead. And with Parallels providing competitive
and reasonably priced alternatives
to more expensive offerings (Virtuozzo
Containers starts at $2,500 per dual CPU),
it's clear that just about every IT pro can
find a virtualization solution that fits his or
her needs without blowing the budget.

—Jeff James 

InstantDoc ID 99678 



Have you discovered a great product that saves you time and money? Do you use 
something you wouldn't wish on anyone? Tell the world in a review right 
here in What's Hot: Readers Review Hot Products. If we publish your opinion, 
we'll send you a Best Buy gift card and a free VIP subscription to Windows IT 
Pro! Send information about a product you use and whether it helps you or 
hinders you to whatshot@windowsitpro.com. 





WHAT’S NOT 

Windows Vista Migrations 

According to a June 2008 survey
commissioned by KACE Networks and
conducted by King Research, 60 percent
of the more than 1,100 IT professionals
surveyed had no plans to migrate to
Windows Vista. According to a news story
by Windows IT Pro Senior Editor
Todd Erickson (www.windowsitpro.com,
InstantDoc ID 99868), more than 90 percent
of the participants said that the release of
Vista SP1 hadn't changed their plans to
migrate to the OS.

Apple MobileMe Launch Headaches

While heaps of adoring press coverage
have been thrown at the feet of Apple
for the iPhone 3G and MacBook Air,
the new MobileMe service—which
promised to keep email, calendars,
and contacts synced between desktop
and mobile devices—has taken some
serious lumps in the media. The Wall
Street Journal's Walt Mossberg said that
the new service "has too many flaws
to keep its promises," while hundreds
(if not thousands) of users have complained
about email outages, synchronization
glitches, and other problems.
Apple products often benefit from
needlessly positive media coverage,
but MobileMe isn't one of them.

The San Francisco IT Department

The story of Terry Childs—an IT administrator
for the City of San Francisco
who locked colleagues out of the city's
new FiberWAN network—proves that
having adequate security measures in
any IT department is a must. Regardless
of the outcome of the case (which was
undecided at press time), the San Francisco
Department of Technology will
undoubtedly review its internal security
procedures. Is leaving the security of an
IT infrastructure entirely in the hands of
one employee ever a good idea?
INDUSTRY BYTES

Power-Management Software Helps Slash Energy Costs

In many companies, Windows workstations are left on 24 x 7 so that
systems administrators can install patches and perform other
desktop-management tasks during off-hours. But with rising energy
costs and the push for environment-friendly practices, companies
are beginning to rethink that strategy, especially in light of
advances in power-management solutions.

One way companies can reduce their energy bills is to use Windows'
built-in power-management features, such as system standby and
hibernate, in conjunction with Wake on LAN (WOL). The standby and
hibernate modes put computers to sleep when they're inactive, and
WOL wakes them up when desktop-management tasks (e.g., software
updates) are launched manually.

In standby mode (work is in memory and isn't saved in the
event of power loss) and hibernate mode (work is saved if power
is lost), the desktop computer and monitor use only 1 to 3 watts
each. In contrast, fully powered desktop computers typically use
about 65 watts and monitors use from 35 watts (LCDs) to 80 watts
(CRTs). According to ENERGY STAR, using standby or hibernate
mode cuts the electricity used by computers roughly in half, saving
$25 to $75 per computer annually. The EPA recommends setting
computers to enter standby or hibernate mode after 30-60
minutes of inactivity.

Although standby and hibernate functionality has been in
existence for quite some time, companies have been slow to take
advantage of it. One likely reason for the resistance is that an
administrator can't centrally control these power-management
settings through the registry or Group Policy in Windows XP and
Windows 2000. Only Windows Vista lets you use Group Policy to
centrally manage these settings.

For those still using earlier OSs, several third-party
power-management solutions are available, such as ENERGY STAR's EZ
GPO, Verdiem's SURVEYOR 5.0, and Faronics' Power Save 2.0. EZ
GPO is a basic but free utility that provides Group Policy Objects
(GPOs) for centrally configuring power management settings.
SURVEYOR is feature-rich, high-end software that lets you centrally
control power-management features and schedule software
updates on workstations running Windows 95 or a later version
of Windows. Power Save, a relative newcomer in the computer
power-management market, positions itself between the two.

According to Dheeraj Mahtani, communications specialist at
Faronics, Power Save is the first power-management solution
that analyzes keyboard and mouse activity, CPU and disk utilization,
and application activity to determine when computers are
inactive. When creating an inactivity definition, admins can select
which measures to analyze and provide specifics about those
measures. For example, you can create a definition that says a
computer is inactive when the mouse and keyboard aren't
being used, CPU utilization is less than 25 percent, and Microsoft
Outlook isn't running. "The customized definitions allow
Power Save to accurately judge when a computer is and isn't in
use," explains Mahtani. "Administrators can then configure
Power Save to stand by, hibernate, or shut down the system or turn
off the monitor when the conditions in the inactivity definition
are met." The free Faronics Core Console utility lets administrators
centrally manage Power Save at an enterprise level.

Both Power Save and SURVEYOR can generate reports showing
energy consumption and the associated cost savings of using the
power-management solution. Companies can use this information
to help determine the ROI. At $14.14 per client license for corporate
and government organizations, Faronics estimates that the
ROI for Power Save is 8 months. Verdiem estimates that SURVEYOR
pays for itself in less than 18 months.

North American companies can achieve ROI even faster by taking
advantage of rebate and incentive programs offered by some
energy utilities. For example, Pacific Gas and Electric offers a $15
rebate for every networked PC that's licensed with power-management
software, and BC Hydro offers a $6 rebate for every PC
licensed with Power Save, SURVEYOR, or other approved
power-management software package.

—Karen Bemowski
INDUSTRY BYTES

Take Heart—You're Recession-Proof!

Network and systems administrators have weathered the stormy
economy better than people in other occupations so far. In fact,
IT careers are ranked in the top 10 recession-proof occupations,
according to the Jobfox career site. The ranking is based on a
random sample of more than 4,000 US job openings posted on
Jobfox.com over the past six months.

"During this critical period of economic slowdown, these are
the professionals who have been least affected by six consecutive
months of job losses in the United States," said Jobfox CEO Rob
McGovern. (The site didn't bother to rank editors of technology
publications because we skew the statistics—whether officially
employed or not, wherever we see a typo or misplaced apostrophe,
we're there, red pen at the ready.)

Here's Jobfox's list of the top 10 most recession-proof jobs:

1. Sales Representative/Business Development
2. Software Design/Development
3. Nursing
4. Accounting & Finance Executive
5. Accounting Staff
6. Networking/Systems Administration
7. Administrative Assistant
8. Business Analysis: Software Implementation
9. Business Analysis: Research
10. Finance Staff

According to the report from Jobfox, "The technology sector has
the most recession-busting professions in the Top 20, including
Testing/Quality Assurance, Database Administration and Technology
Executive." To see more, go to www.jobfox.com.

—Caroline Marwitz 

InstantDoc ID 99750 
INDUSTRY BYTES

Do You Snoop?

Sure, you're an IT pro, but are you an IT
peeping tom? According to a recent survey
conducted by Cyber-Ark Software, one
in three IT workers admit to using their
IT privileges to gain access to employees'
confidential data. Yep, 33 percent of you
are snooping through your company's systems
and reading private information such
as wage data, personal email messages,
and HR files.

Many users probably suspect that IT
might be using the privileged passwords
they require for malicious purposes. But to see survey results such
as these—which also report that the same percentage of IT pros
say they can still access the company network after leaving a job,
with no one to stop them—is sobering.

According to Cyber-Ark, more than 200 IT pros participated in the
survey. One of the surveyed respondents asked, "Why does it surprise
you that so many of us snoop around your files? Wouldn't you if you
had secret access to anything you can get your hands on?"

Another respondent said, "It's easy for an employee to update
the personal password to their laptop, but to change the administrator
password on that same machine? It would take days for IT to
do them all by hand. In the end, we just pick one password for all
the systems and write it down."

Calum Macleod, European director for Cyber-Ark, said he was
surprised by the results. "Gone are the days when you had
to break into the filing cabinet in the personnel
department to get at vital and highly confidential information.
Now all you need to have is the administrative password and
you can snoop around most places, and it appears that is exactly
what's happening. Companies need to wake up to the fact that if
they don't introduce layers of security, tighten up who has access
to vital information, and manage and control privileged passwords,
then snooping, sabotage, and hacking will continue to
be rife."

—Jason Bovberg 

InstantDoc ID 99515 

























DIRECTORY OF SERVICES


Windows IT Pro Network


Search our network of sites dedicated to hands-on 
technical information for IT professionals. 

www.windowsitpro.com 

Support 

Join our discussion forums. Post your questions 
and get advice from authors, vendors, and other IT 
professionals. 

www.windowsitpro.com/forums 

News 

Check out the current news and information about 
Microsoft Windows technologies. 

www.wininformant.com 


EMAIL NEWSLETTERS 

Get free NT/2000/XP/2003 news, commentary, and 
tips delivered automatically to your desktop. 
Essential BI UPDATE
Exchange & Outlook UPDATE 
.NET Briefing 
Scripting Central 
Security UPDATE 
SQL Server Magazine UPDATE 
Virtualization UPDATE 
Vista UPDATE 
Windows IT Pro UPDATE 
Windows Tips & Tricks UPDATE 
WinInfo Daily UPDATE

www.windowsitpro.com/email 

RELATED PRODUCTS 

Custom Reprint Services 

Order reprints of Windows IT Pro articles. Contact
Joel Kirk at jkirk@penton.com.

Super CD/VIP 

Get exclusive access to all of our print publications,
including Windows IT Pro, via the new, banner-free
VIP Web site.

www.windowsitpro.com/sub/vip 

Article Archive CD 

Access every article ever printed in Windows IT Pro 
magazine since September 1995 with this portable 
and speedy tool. 

www.windowsitpro.com/sub/cd 

SQL SERVER MAGAZINE 

Explore the hottest new features of SQL Server, and 
discover practical tips and tools. 

www.sqlmag.com 


ASSOCIATED WEB SITES 

WindowsDev Pro 

Discover up-to-the-minute expert insights, information
on development for IT optimization, and
solutions-focused articles at WindowsDevPro.com,
where IT pros creatively and proactively drive business
value through technology.

www.windowsdevpro.com 

Office & SharePoint Pro 

Dive into Microsoft Office and SharePoint content
offered in specialized articles, member forums,
expert tips, and Web seminars mentored by a community
of peers and professionals.

www.officesharepointpro.com 




September 2008 issue no. 169, Windows IT Pro (ISSN 1552-3136) is published monthly. Copyright 2008, Penton Media, Inc., all rights 
reserved. Subscriptions in US, $54.95 for one year; in Canada, $59 US currency, plus GST for one year; in all other countries, US 
$99. Windows is a trademark or registered trademark of Microsoft Corporation in the United States and/or other countries, 
and Windows IT Pro is used under license from owner. Windows IT Pro is an independent publication not affiliated with
Microsoft Corporation. Microsoft Corporation is not responsible in any way for the editorial policy or other contents of the publication.
Windows IT Pro, 221 E. 29th St., Loveland, CO 80538, (800) 793-5697 or (970) 203-2782. Sales and Marketing Offices: 221 E. 29th 
St., Loveland, CO 80538. Advertising rates furnished upon request. Periodicals Class postage paid at Loveland, Colorado, and 
additional mailing offices. POSTMASTER: Send address changes to Windows IT Pro, 221 E. 29th St., Loveland, CO 80539-0447. 
SUBSCRIBERS: Send all inquiries, payments, and address changes to Windows IT Pro, Circulation Department, 221 E. 29th St., 
Loveland, CO 80539. Printed in the USA. BPA Worldwide Member. 


SEND US YOUR INDUSTRY HUMOR! 

Email your industry humor, scandalous rumors, funny screenshots, favorite
Ctrl+Alt+Del coffee mug.


Are we the only ones 
who think someone 
should have looked 
more closely at the 
Microsoft Exchange 
Team blog's URL— 
msexchangeteam.com? 
"You Had Me At 
EHLO," indeed. 


More Comfort 
Less Hunch 


Hey, I didn't know you could do that!


CTRL+ALT+DEL

by Jason Bovberg 

Helpful 
Infographic 
of the Month 


In conjunction with American Airlines' announcement that it would offer passengers
high-speed in-flight Internet service, a company called Keynamics introduced 
its AVIATOR Laptop Stand specifically designed for use on airplane tray 
tables. Claiming to "convert seat-back tray tables into mile-high 
workstations," Keynamics sent us this illuminating infographic. 

Questions of poor posture aside, we're just relieved this poor 
gentleman was able to remove his head from the window.

Powerful.

Efficient. 


IBM System x3550 Express 
$2,205 


OR $56/MONTH FOR 36 MONTHS 1 

IBM System x3550™ Express. It’s designed to stay up and 
running and help reduce system downtime. In fact, it can 
even identify a potential problem before it becomes one. 
And if you ever have to replace a component, you can do 
that without having to shut down. Just one more way the 
x3550 Express keeps downtime down. 

From the people and Business Partners of IBM. 

It’s innovation made easy. 


RUN YOUR CRITICAL APPLICATIONS WITH CONFIDENCE. 



PN: 7978EJU

Featuring up to two Quad-Core Intel® Xeon® Processors E5430 2.66GHz 
Hot-swap redundant cooling for high availability 
Includes IBM Director and PowerExecutive to help manage power 
consumption, increase uptime, reduce costs and improve productivity 
3-year on-site limited warranty 2 on parts and labor 


IBM SYSTEM STORAGE™ 
DS3400 EXPRESS KIT 

$13,793 

OR $352/MONTH FOR 36 MONTHS 1 


PN: 1726-42U 


IBM TIVOLI® CONTINUOUS DATA PROTECTION FOR FILES 

$42 per user 


PN: D613ALL 



All-in-one kit makes it easier to migrate from your DAS network to SAN 
Includes IBM System Storage DS3400 Dual Controller, four IBM Emulex 42C2069 
4Gb/s PCI Express HBAs, Brocade SAN 8 Port Fibre Channel switch (16 total 
ports), twelve 4Gb/s SFPs, and eight 5-meter optical LC cables 
Emulex EZ Pilot™ installation/management software included 


Save and recovery technology enables file recovery to any point in time 
Continuous Data Protection (CDP) protects your data from the aftermath of a virus 
attack or user error 

Up to 3 backup/replication areas help protect against corruption, file loss or 
system loss 


COMPLIMENTARY SYSTEMS ADVISOR TOOL

Want to find the right server or storage system for you?
Our Systems Advisor Tool can help. Just give the tool a little
input, and it will identify products that can help meet your
business needs. Get started now at ibm.com/systems/uptime


FEEL LIKE YOU’RE STORING EVERYTHING AND MANAGING NOTHING?

BROCADE FILE SOLUTIONS FOR WINDOWS FILE ADMINISTRATORS CAN HELP.

With Brocade File Solutions for Windows File Administrators, you can automatically migrate files
to the optimum types of media based on your rules. Stop spending late nights and weekends
manually migrating file data and start providing your users with access to the data they need.
Clear the clutter with the FREE File Insight utility download at www.brocade.com/cleartheclutter


BROCADE 


© 2008 Brocade Communications Systems, Inc. All rights reserved. Brocade is a registered trademark, and the B-wing symbol is a trademark of 
Brocade Communications Systems, Inc.